FW: [LINK] unlawful interception of internet traffic?

Saliya Wimalaratne saliya at hinet.net.au
Fri Dec 8 10:20:30 AEDT 2006

On Fri, Dec 08, 2006 at 09:00:23AM +1100, Daniel Rose wrote:
> <SNIP>
> If the latter, this implies that UDP:53 DNS packets outbound to a third
> party are not only held undelelivered by the ISP, but that the ISP is
> replying on behalf of the other server.  A question arises; what's the
> source IP address in the UDP packet contaning the DNS response?  Is the
> ISP spoofing, and pretending to actually BE the external server, or is
> your host accepting responses and ignoring the source address? I would
> hope that typically DNS responses with the wrong source IP are not
> honoured by the client, but I'm not completely sure.

Last time I looked (about 3 years ago), Windows <all tested flavours>
would, Mac OS X wouldn't, and various flavours of Linux wouldn't. 

Not sure now...



More information about the Link mailing list