[VOIPSEC] Spoof of IP address within a (large) domain

[Brian Rosen]

Now it's my turn to "ask the experts".

 

I have someone proposing a solution to a large problem of "where are you?";
that is, finding your own location.

It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty happy
with; you can spoof within your subnet, but that's about it, and location
doesn't vary much within the subnet.

 

For various reasons, there are folks who don't like that idea and are
pushing another.  They want server in the domain to return your address when
asked.  They propose to use your IP address as the key to who "you" is.
Just for the moment, ignore the issues of what the protocol is and what its
security characteristics are.  They say that within their network (think a
big DSL network), you cannot spoof IP addresses.

 

I was pretty taken aback by that.  I thought it was pretty easy to spoof.  I
understand that they have the DSL modems pretty wired down (they won't let
you spoof an address coming from the DSL modem; they know what IP address it
should be), but I thought there were other was to spoof.

 

So that's my question: is IP address good enough, or are they just
delusional that they can prevent spoofing within the domain.

 

Brian