Re: IP Spoofing/Masquarading

[Fabien Vincent <fabvincent () gmail com>]

Hi all,

I'm not sure about what you want to do, but check cisco.com
functionnalities for ISP routers. This kind of ACLs seems not to be a
default config !

If you have NAT, for sure equipment in charge of MAP addresses and
ports replace your private address by the public interface address,
even if it's not classified as an RFC1918  and others specific
addresses.

But if you can spoof L3 with success whil using RFC1918 with ISP
routers, I want to see it ! Most of them have for sure one Cisco in
their network, and just for the example, they normally advised about
ACL for RFC1918 and RFC3330
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
Check about BGP and routing process, I'm not really close to BGP
routing, but it will be probably dropped by some security equipements
or ACLs?

Regards ,

Fabien VINCENT
-------------------------------------------------------------------



On Wed, Sep 9, 2009 at 10:16, M.D.Mufambisi<mufambisi () gmail com> wrote:
> So can someone explain ip spoofing in the sense that a packet may be
> spoofed to make it appear as if it originated from the internal lan
> yet it did not. I need an explanation of how it works and how the
> packet is structured.
>
> regards
>
> MD
>
> On 9/9/09, Dan Howerton <danny.howerton () gmail com> wrote:
> > M.D. -
> >
> > The packet wont get to the internet. The moment your ISP sees it, it will
> > be
> > dropped.
> >
> > On Wed, Sep 9, 2009 at 12:19 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:
> >
> > > I understand that IP packets can be spoofed ie change the source
> > > address to make it look like they originated from the internal LAN.
> > > However, when this is done across the internet, with a private IP
> > > address in its source field, how does this packet get routed through
> > > the internet?
> > >
> > > Kind Regards
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > > full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> >
> > --
> > Dan Howerton
> > http://metacortexsecurity.com
> > GPG key: 10F5DDA5
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------