> For lack of better terminology, I have been calling both of the
> following situations 'spoofing'. If there is a better industry term
> for the second scenario I would like to hear it:
>
> 1. MIBH (Man in Black Hat) knows the internal workings of the network
> at company X. MIBH directly attempts to use an internal trusted IP
> address from an untrusted attached network.
>
> 2. MIBH believes that company X is properly firewalled and that spoof
> type 1 will not work. MIBH knows that company X has strong ties with
> company Y. MIBH attempts to use the company Y IP address to gain
> trusted access to application proxies on the firewall.
>
"Spoofing" refers to looking like someone else. In both cases you are
spoofing, that is, you are making yourself (the packets you send out) appear
to come from someone else. One way to gain access to a site is to spoof a
trusted host. In other words, make yourself look like a machine that is
trusted. Both of the cases you mention do this. The first one is spoofing an
internal address; the second is spoofing a trusted external address.
Bob
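The two cases above as seen from the firewall's side, in an added example that is not part of the original message. The address ranges, interface names and verdict strings are constructed assumptions. It shows that an internal source address arriving from outside can be rejected on the interface alone, while a claimed company Y address cannot be verified that way and needs authentication beyond the IP address.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the post).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]    # company X, inside
PARTNER_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # company Y, trusted

# Constructed sample records: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("outside", "10.20.3.7"),      # case 1: internal address from outside
    ("outside", "198.51.100.14"),  # case 2: partner address, unverifiable
    ("outside", "203.0.113.9"),    # ordinary untrusted host
    ("inside", "10.20.3.7"),       # genuine internal host
    ("outside", "10.20.999.1"),    # malformed source field
]

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)

def classify(iface, src):
    """Return a verdict for one packet seen at the firewall."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "DROP_MALFORMED"
    if in_any(addr, INTERNAL_NETS):
        # An inside address can only legitimately arrive on the inside interface.
        return "TRUSTED_INTERNAL" if iface == "inside" else "DROP_SPOOFED_INTERNAL"
    if iface == "outside" and in_any(addr, PARTNER_NETS):
        # The interface check cannot help here: a genuine and a forged
        # company Y source address both arrive on the outside interface.
        return "PARTNER_CLAIMED_NEEDS_AUTH"
    return "UNTRUSTED"

def review(packets):
    """Classify every (interface, source) record in order."""
    return [(iface, src, classify(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for iface, src, verdict in review(SAMPLE_PACKETS):
        print(f"{iface:8} {src:15} {verdict}")
```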