spf-discuss

RE: Can the SPF technique be used to stop IP address spoofing?

2004-11-23 05:49:12
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David Woodhouse
Sent: Tuesday, November 23, 2004 5:37 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can the SPF technique be used to stop IP address spoofing?


I've just had a great idea. IP spoofing can be a big problem -- it can
be used to poison DNS caches and hijack TCP sessions, and to cause a
denial of service attack.

We can use the same technique as SPF to address this forgery, though. I
can publish a record which says the MAC address of my Ethernet card or
the phone number I dial from (or whatever's appropriate to my
connection). When someone receives a packet which claims to be from my
IP address, they can check to see if it comes from my MAC address, or my
phone line -- and if it does not, they can discard it because it's a
forgery.

There may be some other machines out there which currently send packets
claiming to be from my IP address, but they can stop doing that (they
can use NAT) -- it's my right to declare that I don't want my IP address
to be 'forged' like that.

I think this can address a really important security problem on the
Internet. I don't want to use IPSec to sign my outgoing packets; I want
to do it this way -- it's much better.

I don't see how signing with a MAC address is any safer.  Indeed I see it as
less safe because MAC addresses are not routable, so anyone can fake their
MAC address to be anything they want it to be.

Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085


--
dwmw2


