Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Tying a session to an IP address
From: "Toni Heinonen" <Toni.Heinonen () teleware fi>
Date: Mon, 10 May 2004 22:48:44 +0300

You're assuming that routers care about a packets origin.

That's not a far-fetched assumption. Of course, your perimeter router (or perhaps firewall) is supposed to filter all 
traffic clearly not from the internet (127/8, 224, APIA, RFC1918 and of course your own addresses) and it isn't 
far-fetched to think ISPs do filtering on their clients' outbound traffic. My ISP does this, I can't spoof my address.

Also, the ISP's routers at different connection points across the Internet can do reverse filtering based on their 
routing information (if a packet says it's coming from 193.65.76 and that network is by routing information only behind 
another interface, it's discarded). I've heard of ISPs that do this too.

     Mob. +358 40 836 1815 / Tel. +358 (9) 3434 9110 
     Laajalahdentie 23, FIN-00330 Helsinki, Finland 
     toni () teleware fi / www.teleware.fi 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]