Identity

Matthew J Ghio mg5n+ at andrew.cmu.edu
Thu Jan 26 17:05:46 PST 1995


Steve Orr <sorr at eznet.net> wrote:

> To whomever:
>   I'm a reporter at the daily newspapers in Rochester, N.Y., researching a
> story on the recent spate of IP-spoof hack events. Supposedly a toad.com
> address was used by a person who broke into the San Diego
> supercomputer center a month ago. What's toad.com? I got your name
> from a web search that found an old communique.
>   Can you be any help? I'm simply trying to reconstruct what happened.
> Steve Orr
> Gannett Rochester Newspapers


To Mr. Orr:

It appears that someone has decided to anonymously make rude comments in
reply to your message, instead of answering the questions.  This is
unfortunate, but not surprising (to me, at least).  Recently there have
been several articles in popular newspapers and magazines, which were
poorly researched and presented horribly innacurate and misleading
information about the Internet.  Some of these were incredibly biased,
and in a few cases were defamatory and made very unfavorable statements
about people who are well-respected on the Internet.  This has
understandably created an intense hostility toward the popular media in
general.  Reporters who are new to the network will undobutably
encounter this hostility and mistrust.  Unfortunately, this animosity is
self-perpetuatuating process.  While I share the anonymous poster's
frustration, I must denounce his manner of showing it, for it only
serves to exacerbate the problem.

Judging by your reference to an old communique found in a web search,
you seem not to know the ultimate destination of the address you have
written to (cypherpunks at toad.com).  This is a broadcast address which
relays messages to a group of about 700 people.  It is a forum for
discussing privacy and security on the internet, and the use of
cryptography to acheive those goals.

However, I will attempt to answer your query with a general explanation
of what an "IP Spoofing" attack is.  Computers on the internet use a
standard method of communicating known as the Internet Protocol.  Data
to be transmitted is placed into a form known as a packet.  A packet is
like a letter dropped into a mailbox to be sent on its way.  It has a to
address, a return address and a message.  The packet is sent from your
computer to another computer known as a router.  The router looks at the
address on the packet, decides which direction it should go, and
retransmits the packet over a wire to another router.  Each router will
re-send the packet to the next one as the packet makes its way through
the network, until it ultimately reaches its final destination.

IP spoofing is, simply put, placing a fake return address on a packet,
and pretending to be a authorized user on a computer system that you are
not really on.  This is, basically, a high tech version of an old
mail-fraud system:  Suppose you sent a letter to a corporation
purporting to be one of their major suppliers.  In it you indicate that
you have a shipment ready, and ask if they are interested in purchasing
it.  Having knowledge about what their usual response might be, you
anticipate a positive reply and send another letter thanking them for
their interest, and giving instructions for where to send the money. 
Now, the real supplier actually gets their responses back - you're just
blindly guessing what those responses will be - but by the time they
figure it out, you're made off with their money.   IP spoofing is the
same - someone can send IP data packets purporting to be from someone
else, guess the responses, and act accordingly.  Sometimes they will
guess wrong and fail.  But if they try it enough, they'll find someone,
or more likely some program, that'll fall for it, letting them have
unauthorized access to the target computer.

I hope that answers your questions.






More information about the cypherpunks-legacy mailing list