[TriLUG] IP Address spoofing
randy at electronsweatshop.com
Thu Jan 26 17:06:14 EST 2012
On 01/26/2012 09:43 AM, Igor Partola wrote:
> For those wondering why I'm looking into this: TransLoc tracks buses and
> the way they talk to our servers is over UDP, sending short packets with
> their location over cellular networks + Internet. Our tracking service then
> sends them magic packets back as a sort of acknowledgment that we are
> hearing from them. Due to how the devices have the domain name of the
> servers semi-hardcoded, we cannot just move the tracking service around,
> but we can route the UDP packets around so that eventually they wind up
> reaching the tracking server. The biggest issue is that we need to make
> sure that the acknowledgments reach devices, which means we have to know
> their IP:port. Hence my attempt at spoofing the address of the sender.
I have a gut reaction that IP spoofing is the wrong approach to this
problem. It sounds like the problem is that each device should report to
a specific server? Why not just make the devices themselves configurable?
Or if that is not an option, why not have the device ask a central
server (with hardcoded domain name) which specific server it should
report to upon initialization (or on some interval…). For example, if an
NCSU bus needs to report to ncsu.transloc.com:
Step 1: Contact tracking.transloc.com, and ask which tracker I am
supposed to use.
Step 2: tracking.transloc.com might know who I am based on some
identifier that I pass to it (a GUID for the specific device, or
possibly even just my subnet, or whatever).
Step 3: tracking tells me to use ncsu.transloc.com.
This seems like a better direction to me, rather than doing complicated
things that IP wasn't meant for. Unless you are an attacker, you
probably shouldn't be spoofing…
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the TriLUG