Date: Tue, 16 Sep 2014 12:09:26 -0500 From: Leif Pedersen <bilbo@hobbiton.org> To: Mark Felder <feld@freebsd.org> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp Message-ID: <CAK-wPOjJh-2BiD-0gVuynO=bDkHpthcDAb3BWXDAzB-7f7kWMQ@mail.gmail.com> In-Reply-To: <1410875348.3660913.168112729.18E69A9D@webmail.messagingengine.com> References: <201409161014.s8GAE77Z070671@freefall.freebsd.org> <54180EBF.2050104@pyro.eu.org> <1410870926.3637266.168084441.4C997218@webmail.messagingengine.com> <44y4tjwvlm.fsf@lowell-desk.lan> <1410875348.3660913.168112729.18E69A9D@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 16, 2014 at 8:49 AM, Mark Felder <feld@freebsd.org> wrote: > > How many AS are out there don't implement BCP38? Spoofing these days > without MITM should be considered hard, and TCP even harder, no? I'd > find it more believable that it's easier to hijack BGP than to target > someone and successfully spoof TCP. > > Maybe I'm just naive and haven't seen this behavior in the wild during > my time working at an ISP :-) > > Between work and home, I have access to three internet connections from different ISPs. None stop me from sourcing packets from arbitrary addresses. For example, if I use "ifconfig xx0 alias 1.1.1.1/32; ping -S 1.1.1.1 <victim>" and use tcpdump on <victim>, I see the traffic with the source address 1.1.1.1. I have no special arrangements; just typical commodity service. So there are at least three ISPs serving my area that don't prevent IP spoofing. -- As implied by email protocols, the information in this message is not confidential. Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card. Further, nothing in this message is legally binding without cryptographic evidence of its integrity. http://bilbo.hobbiton.org/wiki/Eat_My_Sig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAK-wPOjJh-2BiD-0gVuynO=bDkHpthcDAb3BWXDAzB-7f7kWMQ>