[TriLUG] IP Address spoofing

Igor Partola igor at igorpartola.com
Wed Jan 25 14:11:11 EST 2012


Ah! That may be the ticket.

All the IP addresses involved are public. I don't know if 174.36.X.X (eth1)
and 174.36.Y.Y (eth1:1) are on different subnets, but it would seem that
they would be, since their netmasks are different.

Thanks!
Igor

On Wed, Jan 25, 2012 at 12:13 PM, Seva Adari <oddissyus at gmail.com> wrote:

> I am not very clear on the setup. I am thinking that 174.36.X.X is a public
> IP, so is it possible that your main interface IP address and the alias IP
> address are on different subnets? If they are then that could be an issue.
>
> On Wed, Jan 25, 2012 at 8:09 AM, Igor Partola <igor at igorpartola.com> wrote:
>
> > Morning TriLUG!
> >
> > Due to a variety of reasons I have a need to spoof IP addresses of UDP
> > packets over a hosting provider's network (SoftLayer). The main use case is
> > that a hostname is being moved from one box to another, but the UDP traffic
> > still needs to end up on the original server and the original server needs
> > to be able to talk to the IP:port that sent the original packet back.
> >
> > Having done the fun part of writing a packet sniffer and spoofer, I am now
> > running into some interesting issues. First a little about the setup. Let's
> > say I have boxes Alpha and Beta and the domain name example.com, which used
> > to be on Alpha but is now moving to Beta. The ifconfig on Alpha looks like
> > so:
> >
> > eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
> >          inet addr:174.36.X.X  Bcast:174.36.Z.Z  Mask:255.255.255.248
> >          ...
> >
> > eth1:1    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
> >          inet addr:174.36.Y.Y  Bcast:174.36.255.255  Mask:255.255.255.255
> >          ...
> >
> > The service that listens to the UDP packets normally runs on 174.36.Y.Y. I
> > set up my sniffer/spoofer to forward packets from Beta:main IP =>
> > 174.36.Y.Y, but no traffic comes through (according to tcpdump). However,
> > if I set it up as Beta:main IP => 174.36.X.X, it works like a charm. Of
> > course if I disable the spoofing and just forward the packets either
> > address works.
> >
> > My question is, why would spoofing the IP address work on the "real" eth
> > interface, but not on the virtual one?
> >
> > Thanks in advance!
> > Igor
> > --
> > This message was sent to: oddissyus at gmail.com <oddissyus at gmail.com>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> > that address.
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web  :
> > http://www.trilug.org/mailman/options/trilug/oddissyus%40gmail.com
> > TriLUG FAQ          :
> > http://www.trilug.org/wiki/Frequently_Asked_Questions
> >
>
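
The subnet question raised in this thread can be checked directly from ifconfig output. The following is an added example, not code from either poster: it parses stanzas in the layout quoted above and reports whether each alias address falls inside its parent interface's network. The addresses are constructed documentation-range placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the ifconfig layout quoted in the thread; the
# addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.0.2.10  Bcast:192.0.2.15  Mask:255.255.255.248

eth1:1    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:198.51.100.7  Bcast:198.51.255.255  Mask:255.255.255.255

eth1:2    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.0.2.12  Bcast:192.0.2.15  Mask:255.255.255.255
"""


def parse_ifconfig(text):
    """Return {interface name: IPv4Interface} for stanzas that carry an address."""
    result = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        name = stanza.split()[0]
        m = re.search(r"inet addr:(\S+).*?Mask:(\S+)", stanza, re.S)
        if m:
            # ip_interface accepts the dotted netmask form, e.g. a.b.c.d/255.255.255.248
            result[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return result


def alias_report(interfaces):
    """For each alias (name contains ':'), compare it with its parent interface."""
    report = {}
    for name, iface in interfaces.items():
        parent_name, sep, _ = name.partition(":")
        if not sep or parent_name not in interfaces:
            continue  # not an alias, or the parent stanza has no address
        parent = interfaces[parent_name]
        report[name] = {
            "alias_network": str(iface.network),
            "parent_network": str(parent.network),
            # A /32 alias has a different netmask than its parent either way;
            # what matters is whether its address lies in the parent's network.
            "inside_parent": iface.ip in parent.network,
        }
    return report


if __name__ == "__main__":
    for alias, info in alias_report(parse_ifconfig(SAMPLE)).items():
        print(alias, info)
```
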


