Hi, everyone, Ed Amoroso here. I want to tell you a little story here, kind of as an introduction to this topic, which is essentially spoofing or lying about your source IP address. Back in the 1970s, I was a little kid, there was this very popular book, you don't have to buy it but I'll mention it. It was written by a guy named Abbie Hoffman who was here in the United States, who was like a hippie in the 1960s, the long hair, and a revolutionary guy. Counter establishment, I think is what he would refer to himself as. He wrote a book called Steal This Book. It was a cool little book, I remember passing it around in the bus, because it would tell you how to do funny little things, frankly to break the law or steal. Some of them like how you could get a free meal at a diner or how you could rip off the government, all this crazy stuff. But one thing that sort of struck me as interesting that I remember reading as I was a kid, he would say you should do the following. Say if you want to mail a letter to your mother. Then the normal approach to mailing a letter to your mother, I think this is true in just about every country, certainly here in the United States, is that you would put your mother's address in the bottom right part of the envelope. You'd write it out. My mother, address, city, you know, whatever numbers are meaningful. Here in the U.S. it would be a zip code. And then in the top left of the envelope, you would write your name and where you live. You'd put some postage on it. You'd drop it off at the post office or drop it in a post box or wherever. The mail person takes it, sees where it's coming from, sees where it's going to, sees the postage, probably stamps it or something and sends it off on its way. That's the way that's supposed to work. But Abbie Hoffman said why don't you do the following.
He said, get a letter and by all means don't put any postage on it, but instead of putting your mother's name in the To section of the envelope and yours in the From, reverse them. So what happens is, your mother is the From. You are the To. You put no postage on, you drop that at the post office, what does the postal service do, then? Well, back in the seventies, what they did is something called Return to Sender. In fact, there's a very popular song by Elvis Presley called Return to Sender. So, what would happen is, you want to mail something to your mother. You give it to the post office. You lie about the source. You lie about the destination. The destination is less important. You're lying about the source. What happens is the return envelope goes to your mother. Doesn't come back to you, goes to her. Postal service does different things now. They'll set that sort of thing aside. There's a big delay there that made it very inconvenient to do that sort of thing. But it still may work in some places. Look, it works in TCP/IP. One of the decisions that was made by Bob Kahn and Vint Cerf, as they were inventing TCP/IP, is they decided that it was going to be okay to lie about your source IP. They just made that decision. I've spent most of my career in telecommunications, and in old circuits with telecommunications, it wasn't the case. You had endpoints that were meaningful. But the fact that you can lie in TCP/IP, or in IP, allows you to do the following. You can have someone with a real source IP, it would pop up, a diagram up here that will show essentially some fake source IPs. 10.10.11.12, so that's your real source IP. But you can craft the source IP in a packet, put it in the header and it doesn't have to be your real source IP, it could be 192.1.2.3. When it gets to the destination, let's say it's a SYN packet. If the destination then wants to send a SYN-ACK, where does the SYN-ACK go? It doesn't go to you, it goes to 192.1.2.3. Do you follow?
That is something that's so fundamental to the way internet security is dealt with in our world, that I really wanted to highlight that here. I mean, I know it's a simple concept and some of you are probably going yeah, I know that. But you need to recognize how foundational that is to so many problems that we have in our infrastructure and internet security in general. And how much misconception exists around that point. For example, when you hear that a storm of packets might be emanating from source at some destination, maybe creating a denial of service condition with SYN packets sending a bunch. They say well, looks like they're coming from, name some country. The country in my favorite cartoonist Dilbert, Scott Adams, a friend of mine, actually. He writes these Dilbert cartoons. He made up a country called Elbonia. So we'll use that not to offend anyone. So I'd say, wow, it looks like this attack is coming from Elbonia! And you, the security engineer, know that that's probably not right, nobody's going to attack from your own computer, that's kind of dumb. You're probably going to either break into somebody else's or spoof their source IP, or whatever. So, keep that in mind, this idea, that we can deceive, we can tell lies, we can spoof the source IP of some other individual, group, entity or network on the internet. Keep that in mind and we'll see you in the next video.