----- Original Message -----
From: "Julian Mehnle" <bulk(_at_)mehnle(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, March 01, 2005 9:17 AM
Subject: RE: [spf-discuss] Status of Email Authentication
Dave Crocker wrote:
> Every incoming email has an IP address that cannot be forged {1}
Actually, IP Address spoofing is already a problem. Spammers are
stealing portions of IP Address space.
Please tell me, how would you go about "stealing" the IP address
195.30.85.225, for example?
There are several methods. Many involve manipulating routing tables on
intermediate connections, so that the traffic goes to a fake such address or
is even duplicated to that fake destination so that the traffic can be
analyzed and parsed for passwords. (I know at least one company in Boston
that sells a snooping device that will easily disassemble and record in
separate streams all the traffic of a fully loaded 100 MHz Ethernet
connection)
Since most routers have no more security than most FTP accounts, using
default passwords, having little shell scripts or configuration tools lying
around with the passwords in plain text, and having admins log in remotely
over unsecured networks to fix problems and sending passwords in the clear
because they use telnet and few routers support SSH, this isn't actually
that hard.