Subject: Re: Problems with Sendmail
From: shortpier (shortpier@shortpier.is-a-geek.com)
Date: Fri Nov 14 2003 - 04:29:57 AKST
Mike
Yep you got it right
As Long as the gateway is a routeable addy all the routers in between
will ignore all other IP info beacuse the packet is sent to the
gatewaythen the gateway decides the route. This is NOT a spoof But a
badly set up NAT/Private IP system. True spoofing takes place at the
packet level and is a motherF**ker to protect agains.. You have to
capture that packets "inflight" And with most spoofs you look at the
hosts that the packet has passed through and the second addy from the
"origin" is normally the true ip of the sender. Refrence the
teardrop/nestea exploits that used to Bulescreen Win95/98 first edition
and use 100% CPU time on NT4 (ip packet fragment bug in BSD TCPIP that
Linux and M$ were useing in those days.
/me does not know why people would like Teardrop................
Ah to be young again
Shortpier
On Sat, 2003-11-15 at 21:46, Barsalou wrote:
> I think I finally get it....if I have box A and I want to spoof traffic,
> I can use Box B where ever it is in the world as my gateway and
> therefore if it is broken in the way it routes, I can spoof the
> source/destination address and the routers between me and that box won't
> care....they will just blindly pass the packet on to the gateway...do I
> understand what you are saying?
>
> Mike
---- Attached file included as plaintext by Listar -- -- File: signature.asc -- Desc: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/tNjVNyWzwlj5xp4RAs2OAJ9SeKNDwuS/Jg7cga1f2n41lTSIigCffbbV /o5QqIvxE+1+Wy9XBvJ6jzA= =nCGp -----END PGP SIGNATURE-----
--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Sat Nov 15 2003 - 22:03:39 AKST