|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
list-fulldisclosure
pwns.ms
Date: Thu Jul 24 2008 - 17:06:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> What is always required is a machine where the user has the ability to write
> packets to the network with any IP. This usually means super user access.
> It is difficult in most cases to send udp packets with forged IP since
> routers will not accept them. That is why it is difficult to conduct an
> attack against a random target.
Spoofing one's IP is trivial; there is no - NO - source address checking at the major transit providers; good thing too, it would break lots of things (it's possible - and common - to send packets out to a transit provider with a source IP address that you have *not* announced to them).
Good ISPs tend to check the source address of single-homed customers; plenty of ISPs don't.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]