Slashdot Mirror


Can You Spoof IP Packets?

nweaver writes "Spoofed IP packets are still believed to be a significant problem for the Internet. But are they? The Spoofer Project is attempting to measure the problem. Apparently, 80% of the IP addresses measured no longer support spoofing! Their methodology is simple: have users download a client which attempts to spoof packets to the monitor. Using these packets, they can determine the filter rules. So everyone, download the client and help!"

33 of 211 comments

  1. Oh yes! by aardwolf64 · · Score: 5, Funny

    Oh yes! Everyone download this executable from known IP Spoofers and run it. It won't root your system, we promise...

    1. Re:Oh yes! by gEvil+(beta) · · Score: 5, Funny

      Well, at least your system would be rooted by people from MIT. It's comforting to know that you've been rooted by some of the best...

      --
      This guy's the limit!
    2. Re:Oh yes! by Anonymous Coward · · Score: 3, Funny

      Don't worry, they posted the md5 hashes of the binaries. As long as they match up, you can rest assured you are safe.

    3. Re:Oh yes! by Duds · · Score: 3, Funny

      It's irrelevant anyway, you're already broadcasting your ip address.

    4. Re:Oh yes! by muftak · · Score: 3, Funny

      makes a change from us lot rooting MIT :)

    5. Re:Oh yes! by jcochran · · Score: 5, Informative

      The "tar xfz spoofer-xxx-0.4.tar.gz" command will work just fine if using GNU tar. However, the "z" option isn't available for the original tar command and frankly the portability of the pipelined version is better.

    6. Re:Oh yes! by finkployd · · Score: 3, Insightful

      One of the best ways to determine if someone's *ix experience is limited to Linux, or if they have experience with Solaris, AIX, etc. Also how they use ps is a dead giveaway.

      Finkployd

  2. Yay! by Renraku · · Score: 5, Funny

    Even you can help the next generation of scammers find an ISP to call home!

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  3. Yes. Yes, I can by no+reason+to+be+here · · Score: 4, Funny

    Oh wait. This isn't an "Ask Slashdot"?

    Nevermind...

  4. Sounds dangerous by suso · · Score: 4, Insightful

    1. Write a piece of software claiming to help monitor spoofed IP packets but really it does something more sinister.
    2. Post a story to Slashdot with a link to the software on an MIT server and ask people to run it on their internal networks and send the data back to the author.
    3. ???
    4. Profit and say to yourself, "suckers"

    Maybe I'm too paranoid. But this is a good example of how social engineering can be used to get you into places you shouldn't be. I guess the source code is provided. How many people will really read it?

    1. Re:Sounds dangerous by Anonymous Coward · · Score: 3, Funny
      Maybe I'm too paranoid. But

      No buts, YES, YOU ARE TOO PARANOID!

      Then again, you probably think I am one of them programmers now typing up this cover-up reply.

    2. Re:Sounds dangerous by addaon · · Score: 4, Informative

      Use -frandom-seed.

      --

      I've had this sig for three days.
  5. Packets to my monitor, eh? by ip_freely_2000 · · Score: 4, Funny

    "have users download a client which attempts to spoof packets to the monitor"

    But my monitor does not have an ethernet port! Can I send packets into my DVI port?

  6. I think I speak for most of us when I say... by Phroggy · · Score: 5, Insightful

    ...No.

    Seriously, why would I want to participate in this?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:I think I speak for most of us when I say... by squiggleslash · · Score: 4, Interesting
      I'm having difficulty figuring it out too.

      IP spoofing isn't even a bad thing. There's a work-around that allows two hosts hidden behind NAT gateways to communicate directly with one another by having them both spoof a cooperating proxy. (It goes something like: Host A establishes a UDP link with the proxy, Host B establishes a UDP link with a proxy, Proxy then gives A enough information to allow it to spoof packets as Proxy and send them directly to B, and proxy gives B the information needed to spoof packets from Proxy to A.)

      This is useful in some P2P applications, notably VoIP.

      This is going to break if spoofing somehow gets prevented completely, and from what I can figure out, that's what the above system is treating as some kind of "hole" that needs to be fixed.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:I think I speak for most of us when I say... by Nazo-San · · Score: 3, Insightful

      It is a hole that needs to be plugged. Any trick you can do with spoofing, you can do without. Yes, it's more work. You could argue that it's easier to run your P2P applications without a firewall since you don't have to go to all that extra trouble to set up the firewall. It's more work, but, you can bet that I'm darned well going to go to the trouble to configure my firewall instead of shutting it off. IP spoofing isn't as dangerous, but, it definitely has its security problems. Overall people are better off without spoofing even for things that can legitimately benefit. It is more work since you'll have to set up real routing or something to compensate, but, it also means some lucky hacker doesn't get to come in and fool your services into thinking he's sitting at a terminal on the LAN. Yeah, great for you if your LAN is so secure that you could trust a hacker on it as much as you could on the Internet, but, most of us are not so convinced that we have THAT much security in place. Plus you have to give up the advantage of being able to trust the LAN anyway.

      Personally, I'll do without the spoofing, thanks.

  7. Spoofage by iXiXi · · Score: 5, Funny

    My packets have spoof all over them ! Anyone have a tissue?

  8. Warning by Kwiik · · Score: 5, Informative

    This took out my wireless network on XP Home SP2 using Microsoft's wireless zero configuration tool for the software side of it. During the spoof portion of the test, all network connectivity halted and immediately reported that the wireless connection had disconnected.

    --
    Vehicle Stars used car search is my current project
  9. Great way to destroy the project by isaacklinger · · Score: 3, Funny

    Getting too many connections from slashdotters...?

  10. If you TRULY want to know... by MindPrison · · Score: 4, Insightful

    ...you can use a network packet monitor, and there's two ways to get your hands on such a device - the cheap...and the expensive way, the expensive way being the safest one (A hardware network monitor = hardware device to look and monitor what's going in/out of your ethernet connection directly connected to your "whatever" device)

    or

    Do the same thing by rigging a second computer, also known as a network monitor. Set up a Linux box...and monitor & control all the ports & packets being delivered to your network, and if you do your homework - you will "know" if that application you just downloaded and executed...truly is honest...and "doesn't phone home...like E.T"... he he he..
    Live and learn kids.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:If you TRULY want to know... by Danny+Rathjens · · Score: 5, Informative

      ... or just run ethereal or tcpdump on your local machine to watch outgoing packets. or just watch from your firewall. You are overcomplicating things. :) or maybe you are just paranoid enough. ;)

  11. It's true by rudy_wayne · · Score: 5, Funny

    Nearly 5 years ago, the great and all knowing Steve Gibson predicted that the raw sockets in Windows XP would allow packet spoofing that would bring down the internet with unstoppable DOS attacks.

    So it must be true.

    1. Re:It's true by Obi-w00t · · Score: 3, Insightful
      Nearly 5 years ago, the great and all knowing Steve Gibson predicted that the raw sockets in Windows XP would allow packet spoofing that would bring down the internet with unstoppable DOS attacks.


      So it must be true.


      I really hope that is sarcasm. Yes, it must be. However some of the other replies are not, which worries me slightly as people don't seem to realise Gibson is the guy behind Spin Rite. Spin Rite, people. Think of that next time you read some of his "advice".

  12. Spoofing has not been a problem for years by Zarhan · · Score: 4, Insightful

    ...every self-respecting network operator has RPF (or some other antispoof-ingressfilter) enabled at the edge. Gone are the days of spoofing, just like respecting IP packet's loose/strict source routing options and other similar exploits :)
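
An added illustration of the reverse-path filtering this comment refers to (not part of the original thread and not the Spoofer Project's code): a small model of strict and loose RPF checks on the customer-facing ports of an edge router. The routing table, interface names and packets are constructed for the example, and treating "loose" as "some route other than the default exists" is an assumption of this sketch.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: (prefix, outgoing interface).
FIB = [
    (ipaddress.ip_network("192.0.2.0/24"), "cust0"),     # customer A
    (ipaddress.ip_network("198.51.100.0/25"), "cust1"),  # customer B
    (ipaddress.ip_network("0.0.0.0/0"), "uplink"),       # default route
]

def best_route(addr, fib=FIB):
    """Longest-prefix match: return (network, interface), or None if unrouted."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in fib if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def rpf_check(src, in_iface, mode="strict", fib=FIB):
    """True if a packet with source `src` arriving on `in_iface` is accepted.

    strict: the best route back to `src` must leave via the arrival interface.
    loose:  a route to `src` other than the default must exist on any interface.
    """
    route = best_route(src, fib)
    if route is None:
        return False
    net, ifc = route
    if mode == "strict":
        return ifc == in_iface
    if mode == "loose":
        return net.prefixlen > 0
    raise ValueError(f"unknown mode: {mode}")

# Constructed packets seen on customer port cust0: (source address, interface).
PACKETS = [
    ("192.0.2.10", "cust0"),     # customer A's own address
    ("203.0.113.7", "cust0"),    # source only reachable via the default route
    ("198.51.100.20", "cust0"),  # source belongs to customer B
    ("192.0.2.99", "cust0"),     # another host's address inside customer A's prefix
]

def verdicts(mode, packets=PACKETS):
    """Accept/drop decision for each packet under the given RPF mode."""
    return [rpf_check(src, ifc, mode) for src, ifc in packets]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        for (src, ifc), ok in zip(PACKETS, verdicts(mode)):
            print(f"{mode:6} {src:15} on {ifc}: {'accept' if ok else 'drop'}")
```

The last packet is accepted in both modes: a per-prefix check at the edge cannot tell hosts inside the same routed prefix apart.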

  13. Use SELinux (was Re:Sounds dangerous) by giminy · · Score: 3, Informative

    Create an selinux policy to ensure that this software doesn't do anything weird. Give it no access to your filesystem (it shouldn't need it) and ability to use libnet (or whatever it uses to generate the packets). Voilà, paranoia (mostly) gone.

    --
    The Right Reverend K. Reid Wightman,
  14. Obvious ? by Martin+Spamer · · Score: 3, Insightful


    80% of the IP addresses measured no longer support spoofing!

    Given the move to broadband with home routers and NAT it seems obvious that spoofing capable networks are on the decline.

  15. I'll download only if: by psbrogna · · Score: 5, Funny

    These additional demands are met:
    1. a free lollipop.
    2. a car ride deep in the forest

  16. The usefulness of this measurement is questionable by saikatguha266 · · Score: 5, Informative

    The question is not can an IP be spoofed (yes, it can always be spoofed from somewhere), but rather from where can it be spoofed and to where can it be spoofed to. You can spoof any IP address to another box on your local ethernet segment -- there are no routers en route that can drop the packet. You probably cannot spoof an IP to someone on the other side of the world, but your ISP or your ISP's ISP can. In fact, you can spoof any IP to almost everywhere if you have a connection to one of the few core Internet routers.

    The project basically is saying that home users cannot spoof IPs to their measurement server. That's well and good, but useless.

    Home users no longer need to spoof IPs to hide the source of the attack (as in days past). Home users now are simply trojan/zombie boxes that are hiding the true source of the attack by using their own IP -- no spoofing required. Back when zombies were not a problem, attackers used spoofing to hide their true location; it is no longer required now that boxes can be 0wned with relative ease.

    I don't see the point of this project.

  17. In related news.... by Mayhem178 · · Score: 5, Funny

    ...the other 20% of spoofable IP addresses are reported to be in the possession of Weird Al Yankovic, who, according to US Attorney General Alberto R. Gonzales, is capable of spoofing damn near anything.

    A full-blown investigation is under way to put an end to Weird Al's wild spoofing. Rap legend Coolio has pledged his support in these investigations.

    Weird Al was unavailable for comment, but his assistant did pass along his official response, which was, "Mecha lecha hi, Mecha hiny hiny ho."

    More at 11.

    --

    "You will pay for your lack of vision..." - Emperor Palpatine to Ray Charles

  18. Unique? by iminplaya · · Score: 5, Funny

    Apparently, 80% of the IP addresses measured no longer support spoofing!

    Yes, but how many of those are unique IPs?

    --
    What?
  19. wow by stinky+wizzleteats · · Score: 3, Funny

    Why don't we do something less invasive, like snmpwalk every address on the Internet?

  20. Re:IE? by molarmass192 · · Score: 3, Informative

    Yep, line 429 of spoofer.c in the source code, hardcoded. He should have used the rundll url call instead.

    --

    Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
  21. Got Root?! by 955301 · · Score: 4, Funny


    Blockquoth the poster:

    On *nix systems, you must run the spoofer as root (in order to create
    the raw socket) with no arguments, e.g.
          # ./spoofer

    Ahahahahahahah! You're kidding, right?

    --
    You are checking your backups, aren't you?