Steve Orr <sorr@eznet.net> wrote:
To whomever: I'm a reporter at the daily newspapers in Rochester, N.Y., researching a story on the recent spate of IP-spoof hack events. Supposedly a toad.com address was used by a person who broke into the San Diego supercomputer center a month ago. What's toad.com? I got your name from a web search that found an old communique. Can you be any help? I'm simply trying to reconstruct what happened. Steve Orr Gannett Rochester Newspapers
To Mr. Orr: It appears that someone has decided to anonymously make rude comments in reply to your message, instead of answering the questions. This is unfortunate, but not surprising (to me, at least). Recently there have been several articles in popular newspapers and magazines, which were poorly researched and presented horribly innacurate and misleading information about the Internet. Some of these were incredibly biased, and in a few cases were defamatory and made very unfavorable statements about people who are well-respected on the Internet. This has understandably created an intense hostility toward the popular media in general. Reporters who are new to the network will undobutably encounter this hostility and mistrust. Unfortunately, this animosity is self-perpetuatuating process. While I share the anonymous poster's frustration, I must denounce his manner of showing it, for it only serves to exacerbate the problem. Judging by your reference to an old communique found in a web search, you seem not to know the ultimate destination of the address you have written to (cypherpunks@toad.com). This is a broadcast address which relays messages to a group of about 700 people. It is a forum for discussing privacy and security on the internet, and the use of cryptography to acheive those goals. However, I will attempt to answer your query with a general explanation of what an "IP Spoofing" attack is. Computers on the internet use a standard method of communicating known as the Internet Protocol. Data to be transmitted is placed into a form known as a packet. A packet is like a letter dropped into a mailbox to be sent on its way. It has a to address, a return address and a message. The packet is sent from your computer to another computer known as a router. The router looks at the address on the packet, decides which direction it should go, and retransmits the packet over a wire to another router. Each router will re-send the packet to the next one as the packet makes its way through the network, until it ultimately reaches its final destination. IP spoofing is, simply put, placing a fake return address on a packet, and pretending to be a authorized user on a computer system that you are not really on. This is, basically, a high tech version of an old mail-fraud system: Suppose you sent a letter to a corporation purporting to be one of their major suppliers. In it you indicate that you have a shipment ready, and ask if they are interested in purchasing it. Having knowledge about what their usual response might be, you anticipate a positive reply and send another letter thanking them for their interest, and giving instructions for where to send the money. Now, the real supplier actually gets their responses back - you're just blindly guessing what those responses will be - but by the time they figure it out, you're made off with their money. IP spoofing is the same - someone can send IP data packets purporting to be from someone else, guess the responses, and act accordingly. Sometimes they will guess wrong and fail. But if they try it enough, they'll find someone, or more likely some program, that'll fall for it, letting them have unauthorized access to the target computer. I hope that answers your questions.