Re: IP number question
From: Michael J. Pelletier (mjpelletier_at_mjpelletier.com)
Date: 01/27/05
- Previous message: Walter Roberson: "Re: IP number question"
- In reply to: Walter Roberson: "Re: IP number question"
- Next in thread: Walter Roberson: "Re: IP number question"
- Reply: Walter Roberson: "Re: IP number question"
Date: Wed, 26 Jan 2005 18:48:49 -0800
Walter Roberson wrote:
> In article <xRXJd.10243$rw.7692@fed1read04>,
> Michael J. Pelletier <mjpelletier@mjpelletier.com> wrote:
> :manmar@h2009.com wrote:
>
> :> It is possible for one person to use another person's IP
> :> address to post to a newsgroup?
>
> :Also, if they are not on the same subnet, the other guy CAN NOT use his
> :IP. Remember IP 101. For this guy to forge your friend's IP address, he
> :must have a route out and back for that IP address. If the other guy is
> :not on the same LAN, he does not have a route back....He can forge DOS
> :type attacks but can not forge a duplex communication. A duplex
> :communication is required to post to a news group.
>
> You have forgotten NNTP 101: messages can be exchanged via
> the IHAVE/SENDME protocol, and when that is done, the headers are
> handed over without change except that the submitted path gets appended to
> [and sometimes even that doesn't happen.]
>
> Thus in order to forge a posting with any given IP address in the
> headers, all one has to do is find a system that will let you IHAVE
> them.
>
> The closest thing that NNTP has to mail's Received-By: line is
> the posting path, which does not contain IPs.

Sorry, I mean TCP/IP 101, not NNTP 101:

I am not talking about the NNTP or MAIL protocols. I am talking about TCP.
In order for you to establish a TCP connection you must have an in and out
route due to the fact that it is a duplex connection.

In DOS scenarios, I send forged packets, but I do not care that the packets
can NOT get back to me (due to the fact that they are routed back to the
real IP address that I am forging).

When sending a news message what happens? Generally, I connect to TCP port
119, some parameters are exchanged (window size, etc). Next I start
sending the message. The news server ACKs the windows by sending TCP
packets back to me. Hence the problem. If I forge someone's IP address, how
can I possibly get the server's ACK packets back? Furthermore, I can never
exchange the TCP options...the connection will fail.

The only way it is possible is if the PCs are on the same subnet...in that
case the packets are routed back to the same LAN.

Again, I would have to say my answer is no.

Michael
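
The handshake argument in the reply above, as a toy model. This is an added example, not part of the original post; the `Server` class, the `visible` parameter and the addresses (documentation ranges) are constructed for illustration.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit


class Server:
    """Toy TCP listener (constructed model, not a real stack)."""

    def __init__(self):
        self.half_open = {}       # claimed source -> ACK number the server expects
        self.established = set()

    def on_syn(self, src, client_isn):
        isn = secrets.randbits(32)            # unpredictable initial sequence number
        self.half_open[src] = (isn + 1) % MOD
        # The SYN-ACK is addressed to the source the SYN claimed.
        return {"dst": src, "seq": isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src, ack):
        # Only an ACK that matches the server's own ISN completes the handshake.
        if self.half_open.get(src) == ack:
            del self.half_open[src]
            self.established.add(src)


def handshake(server, sender_ip, claimed_ip, visible=()):
    """Return the server-side state after sender_ip opens a connection
    claiming to be claimed_ip. `visible` lists extra addresses whose
    traffic the sender can observe (the post's same-subnet case)."""
    synack = server.on_syn(claimed_ip, secrets.randbits(32))
    # Routing delivers the SYN-ACK to its destination address only.
    if synack["dst"] == sender_ip or synack["dst"] in visible:
        server.on_ack(claimed_ip, (synack["seq"] + 1) % MOD)
    # Otherwise the sender never learns synack["seq"] and has no valid ACK to send.
    return "ESTABLISHED" if claimed_ip in server.established else "SYN_RCVD"


if __name__ == "__main__":
    srv = Server()
    print(handshake(srv, "192.0.2.10", "192.0.2.10"))      # own address
    print(handshake(srv, "192.0.2.10", "198.51.100.7"))    # claimed address elsewhere
    print(handshake(srv, "192.0.2.10", "192.0.2.11", visible=("192.0.2.11",)))
```

The model covers only the TCP connection; it says nothing about what an article's headers claim once a server has accepted it.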