The common term that has emerged is "spoof" rather than "forge", and the short answer is that very few bits of the Internet bother to apply any check to source IP addresses. Almost anybody, almost anywhere, can generate packets that carry your IP address as their source. Naturally, a bunch of nasty threats take advantage of this, either to hide their origin, or to perform a "bounce" attack where innocent bystanders try to send replies which all go to the real target of the attack, often amounting to a DoS whose perpetrator is effectively untraceable.
What's harder, though, is to spoof a bidirectional (e.g. TCP) connection. In order for that to work, packets directed *to* your IP address must pass somewhere where the attacker can see them. (Depending on the technique used, they may or may not continue on to your real machine.) Unless the attacker is figuratively on your (or the remote machine's) doorstep, he may need to compromise a routing table somewhere....

More than 99% of Internet traffic flows over three protocols: TCP, UDP, and ICMP. Since TCP requires a bidirectional connection, most places don't worry too much about spoofing on it. Good border security, though, heavily restricts the ICMP and UDP traffic that is permitted.

ISPs have been slow to implement egress filters that ensure that the only traffic leaving their networks is traffic whose source shows that it originated there. Most large end-user organizations probably do this, though. (It's not as trivial for ISPs as it sounds. Many also carry traffic for third parties, and would be in big trouble if they accidentally blocked that....)

David Gillett

> -----Original Message-----
> From: Hanuska Ivo [mailto:[EMAIL PROTECTED]
> Sent: July 1, 2003 23:27
> To: [EMAIL PROTECTED]
> Subject: IP address forging
>
> I have question which does not make me sleep:
>
> Is it possible to forge my IP address? Imagine situation that
> I am connected with some sort of link (not Ethernet like
> device, there is answer simple, just use ARP manipulation
> methods) possibly by modem to Internet and I want to forge my
> IP address (so I do want to pretend, that my IP address is
> different that really is).
>
> Is there somewhere some information about such a procedure
> and how to protect my resources from connections from such
> forged IP address?
>
> Thank you all,
>
> Ivo Hanuška
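The egress filtering described in the reply above, sketched as an added example that is not part of the original message: a border check that passes a packet only when its source address belongs to the prefixes valid for the interface it arrived on, including the third-party (transit) case the reply mentions. The prefixes are RFC 5737 documentation ranges, and the interface names, function names and sample traffic are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: documentation prefixes (RFC 5737), not real assignments.
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Third-party (transit customer) prefixes, keyed by the interface they arrive on.
TRANSIT_PREFIXES = {"cust0": [ipaddress.ip_network("198.51.100.0/24")]}


def egress_verdict(src, in_iface):
    """Decide whether a packet leaving the border carries a plausible source.

    src      -- source IP address string taken from the packet header
    in_iface -- interface the packet arrived on: "lan" for our own hosts,
                otherwise a customer-facing interface name (hypothetical names)
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: unparseable source"
    if in_iface == "lan":
        allowed = LOCAL_PREFIXES
    else:
        # Unknown interfaces get an empty allow list, so they fail closed.
        allowed = TRANSIT_PREFIXES.get(in_iface, [])
    if any(addr in net for net in allowed):
        return "pass"
    return "drop: source not valid for " + in_iface


def audit(packets):
    """Return (src, iface, verdict) for every packet the filter would drop."""
    results = [(src, iface, egress_verdict(src, iface)) for src, iface in packets]
    return [r for r in results if r[2] != "pass"]


# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [
    ("192.0.2.17", "lan"),       # our own host, legitimate
    ("203.0.113.9", "lan"),      # local host claiming an outside address
    ("198.51.100.40", "cust0"),  # transit customer, legitimate
    ("192.0.2.17", "cust0"),     # customer link claiming our address
    ("198.51.100.40", "lan"),    # customer address seen on the wrong side
]

if __name__ == "__main__":
    for src, iface, verdict in audit(SAMPLE):
        print(src, iface, verdict)
```

Keying the allow list by arrival interface is what lets transit traffic through without opening the filter to arbitrary sources.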