Full Disclosure mailing list archives
Re: DNS spoofing issue. Thoughts on potential exploits
From: Mark Andrews <Mark_Andrews () isc org>
Date: Sun, 27 Jul 2008 15:21:48 +1000
What is always required is a machine where the user has the ability to write packets to the network with any IP. This usually means super user access. It is difficult in most cases to send udp packets with forged IP since routers will not accept them. That is why it is difficult to conduct an attack against a random target.Spoofing one's IP is trivial; there is no - NO - source address checking at the m ajor transit providers; good thing too, it would break lots of things (it's possi ble - and common - to send packets out to a transit provider with a source IP add ress that you have *not* announced to them). Good ISPs tend to check the source address of single-homed customers; plenty of I SPs don't.
Good ISP's will check multi-homed customers as well. Multi-homed customers should be able to tell you what prefixes they are using or atleast the enclosing prefixes their alternate ISP assigns from. No multi-homed customer should be able to spoof the entire world. They will also check their NOC and anywhere else that spoofed traffic shouldn't be coming from. We all should be checking that we are not emitting spoofed traffic. It catches configuration errors if nothing else. Mark
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews () isc org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: DNS spoofing issue. Thoughts on potential exploits Troy Xyz (Jul 24)
- Re: DNS spoofing issue. Thoughts on potential exploits list-fulldisclosure (Jul 24)
- Re: DNS spoofing issue. Thoughts on potential exploits Mark Andrews (Jul 26)
- Re: DNS spoofing issue. Thoughts on potential exploits list-fulldisclosure (Jul 24)