Network Security: Detailed info on Re: ICMP spoofed source tunneling

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: ICMP spoofed source tunneling

from [fenfire] Network Security

[Permanent Link]

Subject:	Re: ICMP spoofed source tunneling
Date:	Wed, 22 Sep 2004 22:30:47 +0200

On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:

How does this give anonymity?  When sending to the server, I must use the
servers address as a source address.  When the server replies to me, it
must use my address as a source address.


Yes - you cannot use this in both directions:

 - In the server->client direction, the server can spoof IP source 
   addresses.

 - In the client->server direction, you need to use multi-level "anonymous 
   proxying", as used by several current P2P implementations (Gnutella for
   queries, Freenet, GNUnet etc).

The advantage of this is that the available bandwidth can be fully utilized
in the server->client direction, but at the same time the server IP address
can remain unknown to the client. With current P2P systems, server->client
proxying significantly reduces the download bandwidth.

In practice, implementing this will be fairly complicated because you end
up re-implementing TCP over a highly asymmetric connection.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ICMP spoofed source tunneling, Max Tulyev Re: ICMP spoofed source tunneling, fenfire Re: ICMP spoofed source tunneling, Tim Newsham Re: ICMP spoofed source tunneling, fenfire <= Re: ICMP spoofed source tunneling, Calum Re: ICMP spoofed source tunneling, sin Re: ICMP spoofed source tunneling, Dave Paris Re: ICMP spoofed source tunneling, raiblehugo

Previous by Date:	[Full-Disclosure] Multiple vulnerabilities in ActivePost Standard 3.1, Luigi Auriemma
Next by Date:	[Full-Disclosure] [ GLSA 200409-32 ] getmail: Filesystem overwrite vulnerability, Sune Kloppenborg Jeppesen
Previous by Thread:	Re: ICMP spoofed source tunneling, Tim Newsham
Next by Thread:	Re: ICMP spoofed source tunneling, Calum
Indexes:	[Date] [Thread] [Top] [All Lists]