lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <200807270521.m6R5Lmgu016007@drugs.dv.isc.org>
Date: Sun, 27 Jul 2008 15:21:48 +1000
From: Mark Andrews <Mark_Andrews@....org>
To: list-fulldisclosure@...s.ms
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DNS spoofing issue. Thoughts on potential
	exploits


> > What is always required is a machine where the user has the ability to write
> > packets to the network with any IP. This usually means super user access.
> > It is difficult in most cases to send udp packets with forged IP since
> > routers will not accept them. That is why it is difficult to conduct an
> > attack against a random target.
> 
> Spoofing one's IP is trivial; there is no - NO - source address checking at the m
> ajor transit providers; good thing too, it would break lots of things (it's possi
> ble - and common - to send packets out to a transit provider with a source IP add
> ress that you have *not* announced to them).
> 
> Good ISPs tend to check the source address of single-homed customers; plenty of I
> SPs don't.

	Good ISP's will check multi-homed customers as well.
	Multi-homed customers should be able to tell you what
	prefixes they are using or atleast the enclosing prefixes
	their alternate ISP assigns from.  No multi-homed customer
	should be able to spoof the entire world.

	They will also check their NOC and anywhere else that spoofed
	traffic shouldn't be coming from.

	We all should be checking that we are not emitting spoofed
	traffic.  It catches configuration errors if nothing else.

	Mark
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@....org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ