[TriLUG] IP Address spoofing
oddissyus at gmail.com
Thu Jan 26 14:37:33 EST 2012
> Have Host A listen on a number of UDP ports, then forward all the packets
> to Host B:port X. The listener on Host B:port X will strip off the outer IP
> (and possibly UDP) header and then spoof the address locally. Then the
> original UDP service on Host B can reply directly to original sender. If
> such a thing does not exist, would there be any interest in an open source
> version of it, since the company I work for (TransLoc Inc), might very well
> let me release it.
Even if you are able to accomplish the above (which I think "may be"
doable to a certain degree in a Linux environment with iptables), your
source may not accept the data from host B and rightfully so. If a
source initiates a request to a host A, from a security stand point of
view it should accept the response from A only. Of course, you can
make source accept from any other host, but then you are going to
have to deal with uninvited.
> For those wondering why I'm looking into this: TransLoc tracks buses and
> the way they talk to our servers is over UDP, sending short packets with
> their location over cellular networks + Internet. Our tracking service then
> sends them magic packets back as a sort of acknowledgment that we are
> hearing from them. Due to how the devices have the domain name of the
> servers semi-hardcoded, we cannot just move the tracking service around,
> but we can route the UDP packets around so that eventually they wind up
> reaching the tracking server. The biggest issue is that we need to make
> sure that the acknowledgments reach devices, which means we have to know
> their IP:port. Hence my attempt at spoofing the address of the sender.
I think a talk with some use cases will throw better insight. If you can get
few networking folks together in a room, you might be able to discover
some tool out there that could of value to you.
More information about the TriLUG