"Andrew Sullivan" <[EMAIL PROTECTED]> writes:

> On Fri, Aug 31, 2007 at 12:30:02PM -0500, Decibel! wrote:
>> Is it easy to spoof where an incoming connection request is coming from?
>> Is there something else that makes ident on insecure?
> It shouldn't be easy.  Ident uses TCP, which is rather harder to
> spoof.  

Say what? It's actually quite easy to spoof TCP. There are even command-line
tools to do it available in most Unix distributions.

> If someone can originate spoofed TCP packets from, you gots bigger
> problems than them being able to lie about the identity of a user.

Well yes, there are other insecure services which look at the originating ip
address. But hopefully fewer and fewer as time goes on. Once upon a time X was
a big target since most X servers shipped trusting and you could
slip a request into the first data packet to trust other ip addresses which
made attacking it considerably easier. These days X doesn't use ip addresses
to handle authorization any more.

Also modern distributions, at least on Linux, tend to install ip filters to
block packets with source addresses like 127/8 coming from an external
interface. However even today I wouldn't be confident that all operating
systems do so or that they work correctly in all circumstances.

  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to