Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Tying a session to an IP address
From: exon <exon () home se>
Date: Mon, 10 May 2004 23:11:18 +0200

Toni Heinonen wrote:
You're assuming that routers care about a packets origin.

That's not a far-fetched assumption. Of course, your perimeter router (or perhaps firewall) is supposed to filter all traffic clearly not from the internet (127/8, 224, APIA, RFC1918 and of course your own addresses)

But if you wouldn't want it a public service you might as well block incoming traffic on the port anyways, so this doesn't apply.

and it isn't far-fetched to think ISPs do filtering on their clients' outbound traffic. My ISP does this, I can't spoof my address.

I still haven't found one that does. And the belligerent sort that resort to spoofing often have access to a host or two on some godforsaken remote location that not even virii care about and where IP-tracking is a novelty.

Also, the ISP's routers at different connection points across the Internet can do reverse filtering based on their routing information (if a packet says it's coming from 193.65.76 and that network is by routing information only behind another interface, it's discarded). I've heard of ISPs that do this too.

See statement above regarding perimeter-routers. As for the backbone routers, this is simply ludicrous. There would be no end to the computing power required to sift out traffic on a scale of 10Gbit/sec. In Sweden, those routers run on a minimum of 60% bandwidth usage more or less nonstop. That's 750000000 octets every second, in case you were wondering.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]