spf-discuss

RE: Can the SPF technique be used to stop IP address spoofing?

2004-11-23 03:48:35
I don't think IP spoofing is a problem at all nowadays.
With modern Routers/Switches you are already protected.
Furthermore, the MAC address will change anyway on the way of the packet,
so you cannot use the MAC address....
Stefan

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David 
Woodhouse
Sent: Tuesday, November 23, 2004 11:37 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can the SPF technique be used to stop IP address
spoofing?

I've just had a great idea. IP spoofing can be a big problem -- it can
be used to poison DNS caches and hijack TCP sessions, and to cause a
denial of service attack.

We can use the same technique as SPF to address this forgery, though. I
can publish a record which says the MAC address of my Ethernet card or
the phone number I dial from (or whatever's appropriate to my
connection). When someone receives a packet which claims to be from my
IP address, they can check to see if it comes from my MAC address, or my
phone line -- and if it does not, they can discard it because it's a
forgery.

There may be some other machines out there which currently send packets
claiming to be from my IP address, but they can stop doing that (they
can use NAT) -- it's my right to declare that I don't want my IP address
to be 'forged' like that.

I think this can address a really important security problem on the
Internet. I don't want to use IPSec to sign my outgoing packets; I want
to do it this way -- it's much better.

--
dwmw2
