1994-06-06 - Hints at spoofing given on TCP-IP Listserv…

Header Data

From: NetSurfer <jdwilson@gold.chem.hawaii.edu>
To: cypherpunks@toad.com
Message Hash: f331763e0cf5853a06cf6bfa9dbc8997d5655fc7b5594001bc8264d709686509
Message ID: <Pine.3.07.9406060712.H3946-a100000@gold.chem.hawaii.edu>
Reply To: N/A
UTC Datetime: 1994-06-06 17:20:10 UTC
Raw Date: Mon, 6 Jun 94 10:20:10 PDT

Raw message

From: NetSurfer <jdwilson@gold.chem.hawaii.edu>
Date: Mon, 6 Jun 94 10:20:10 PDT
To: cypherpunks@toad.com
Subject: Hints at spoofing given on TCP-IP Listserv...
Message-ID: <Pine.3.07.9406060712.H3946-a100000@gold.chem.hawaii.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sun, 5 Jun 1994 23:46:22 LCL
From: William <billw@GLARE.CISCO.COM>
To: Multiple recipients of list TCP-IP <TCP-IP%PUCC.BITNET@cmsa.Berkeley.EDU>
Subject: Re: Is IP source routing a bad idea?

A correct and bug-free implementation of IP source routing allows
any host on the internet to masquerade as any IP address that it would
like to, thus breaking any access control based on the source IP address
(eg, most of the unix r-utilities.)

Exactly how to do this is left as an excercise to the reader, but the
fundamental problem is that the source route allows the packet to travel
"through" possibly suspect IP entities that have not had the slightest
amount of authentication as "trustworthy" routers applied to them.

BillW
cisco

==========================================================================

Tentacle food for thought?








Thread