Packet Marking for Traceback of Illegal Content Distribution

• Previous message: Packet Marking for Traceback of Illegal Content Distribution
• Next message: Anyone interested in sharing rackspace in SF?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<quote who="richard childers / kg6hac">
> "To defend against spam and viruses or to stop illegal file sharing, an
> organization must be able to identify the originator of the offending
> messages. However, spammers, pirates and hackers most often use
> incorrect, disguised or false addresses on their messages or data
> packets to deter trace back. Such spoofed addresses are illegal in the
> U.S. but so far, effective.

Ah, but, how many spams/viruses have spoofed IP addresses?

I have yet to receive a spam/virus that contains, or was sent from, a spoofed
IP address.

I have spams that have spoofed/forged "Received:" headers, but the IP address
that connected to my mailserver is real enough.

They really need to do some research on this.  The only way to have a spoofed
IP address make a full TCP connection (to send an email, or to send a file)
is to (1) be at the right router between points A and B, or (2) grab the
route for the "spoofed" IP address.

Now, you can do DoS attacks with spoofed addresses, as you usually do not need
any of the return traffic.

And as Rich said, it relies on every administrator configuring their border
routers correctly.  Then again, if all the ISP's maintained propper
anti-spoofing ACLs, at their borders, spoofing would not be a problem.  No
need for any new protocols, or modifications to protocols.

This really sounds like somebody had an idea, and is now looking for a problem
it can solve.

-- 
END OF LINE
       -MCP

• Previous message: Packet Marking for Traceback of Illegal Content Distribution
• Next message: Anyone interested in sharing rackspace in SF?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]