Why most TCP/IP implementations are designed to allow sending packets
whose src IP or Mac adderss is not the sender's real address?! In my
opinion, this causes many problems, especially lead to some virus.

On Apr 3, 9:38 am, "lostlander" <lostlander....@gmail.com> wrote:
> Why most TCP/IP implementations are designed to allow sending packets
> whose src IP or Mac adderss is not the sender's real address?!

AFAIK, no TCP/IP implementation is designed in such a manner. Please
provide references for your implied assertion.

(OTOH, many low-level media access implementations permit the crafting
of arbitrary packets, some of which may resemble an IP packet with an
incorrect sender IP address.)

> In my
> opinion, this causes many problems, especially lead to some virus.

Yes, those who break the rules can cause problems. AFAICT, that's the
object of breaking the rules.

In article <1175607526.159882.159740@l77g2000hsb.googlegroups .com>,
lostlander <lostlander.tom@gmail.com> wrote:
>Why most TCP/IP implementations are designed to allow sending packets
>whose src IP or Mac adderss is not the sender's real address?! In my
>opinion, this causes many problems, especially lead to some virus.

1) How would you stop people from using alternate addresses when they
have administrative access to their systems?

2) Within touching distance of me at the moment, I have six systems
that are willing to act as routers doing IP address translation --
what's my "real" IP address? What -is- a "real ip address"?
On multihomed systems? On systems that are part of clusters
providing redundancy or fail-over?

3) The TCP/IP implementation on the system I'm using right now
was designed to be able to provide service to multiple IP addresses
per interface; in the days it was built, computers were expensive
and you couldn't afford to go out and buy another one from petty cash.
We're talking "hire a person for a year" kind of prices. Should the
TCP/IP implementers really have (-somehow-!) enforced the kinds of
restrictions you are thinking of, even though it would have cost
a lot of people a lot of money back then?

4) Remember, a computer is a general purpose information processing
device. Trying to prevent it from being used in certain ways is
like trying to block a stream from running downhill by blocking
it with your open fingers. If you want to get an idea of how
hard it is in real life, check out how for Microsoft got on its
Trusted Computing Initiative, such as using its Trusted Platform Module
(TPM).

On Tue, 03 Apr 2007 23:46:56 +0000, Walter Roberson wrote:

> In article <1175607526.159882.159740@l77g2000hsb.googlegroups .com>,
> lostlander <lostlander.tom@gmail.com> wrote:
>>Why most TCP/IP implementations are designed to allow sending packets
>>whose src IP or Mac adderss is not the sender's real address?! In my
>>opinion, this causes many problems, especially lead to some virus.
>

(snip)

5) It allows for truly transparent proxies.

6) It allows security professionals to test security. The bad guys will
find some method even if the OS normally doesn't allow it.

M4

On Apr 3, 6:38 am, "lostlander" <lostlander....@gmail.com> wrote:
> Why most TCP/IP implementations are designed to allow sending packets
> whose src IP or Mac adderss is not the sender's real address?! In my
> opinion, this causes many problems, especially lead to some virus.

What is a "real address"? How can you tell a "real address" from some
other kind of address.

DS

In article <1176151187.410539.226160@n76g2000hsh.googlegroups .com>,
"David Schwartz" <davids@webmaster.com> wrote:

> On Apr 3, 6:38 am, "lostlander" <lostlander....@gmail.com> wrote:
> > Why most TCP/IP implementations are designed to allow sending packets
> > whose src IP or Mac adderss is not the sender's real address?! In my
> > opinion, this causes many problems, especially lead to some virus.
>
> What is a "real address"? How can you tell a "real address" from some
> other kind of address.

I think it's pretty obvious that he means the configured addresses of
the machine's interfaces.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

In article <barmar-8588C6.20472109042007@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>In article <1176151187.410539.226160@n76g2000hsh.googlegroups .com>,
> "David Schwartz" <davids@webmaster.com> wrote:

>> On Apr 3, 6:38 am, "lostlander" <lostlander....@gmail.com> wrote:
>> > Why most TCP/IP implementations are designed to allow sending packets
>> > whose src IP or Mac adderss is not the sender's real address?! In my
>> > opinion, this causes many problems, especially lead to some virus.

>> What is a "real address"? How can you tell a "real address" from some
>> other kind of address.

>I think it's pretty obvious that he means the configured addresses of
>the machine's interfaces.

He used "real address", singular. You are using "configured
addresses", plural. The original poster appears to believe
that "senders" only have ONE "real address", so it is not at all
obvious to us which ONE address is -the- "real address" on machines
configured with multiple addresses.

It's been rather some time since I used any machine that only had
one IP address configured on it; the practice has been to configure
at least two for rather some time, with the second one being the
loopback address. The existance of the loopback address to send
packets even on the same machine challenges the premise of the
original poster's question.