The BSD/POSIX socket API recvfrom() call (made available to C or C++ programmers via the <sys/socket.h> header file) provides a source address "out" parameter, struct sockaddr *src_addr, which stores the IP address of the remote server that sent the received datagram.
For any application that sends UDP datagrams to some remote endpoint, and then receives a response (such as, for example, a DNS resolver), is it considered a necessary security precaution to always make sure that any received datagram is from the same IP address as the last sent datagram (i.e. the address used in the previous sendto call?)
In other words, if we call sendto and send a datagram to some address, should we always make sure that a corresponding recvfrom call is from the same address?
It seems that this might not be feasible, considering that a response datagram might legitimately originate from a different IP if the remote server is behind a firewall, or part of some distributed system with multiple IP addresses.
But, if we don't verify that a received datagram is from the same IP address as the address from the last sendto call, what's to prevent some attacker from intercepting datagrams, and then sending malicious datagrams to the client?
Aucun commentaire:
Enregistrer un commentaire