tags:

views:

574

answers:

4
+2  Q: 

How to fake source ip-address of a udp-packet?

Hi everyone!

Think about the following:
Your ISP offers you a dynamic ip-address (for example 123.123.123.123).

My question is simple (the answer may not be):

Is it possible to send a single udp-packet with an outer source-ip (for example 124.124.124.124) to a fixed-ip server? I don't need to get a answer from the server. I just want to know if/how this one way communication can be done, using a faked source-ip address.

The server and noone else should not be able to find out the real client ip.

I'm sorry for my bad English!
Thanks for you help in advance!

A: 

You will need to have access your ISP Router in order to do that. If you send a raw UDP-Packet with all the information to the other server, the Router will encapsulate it in another Package with your real ip.

jpabluz  2010-03-22 15:23:05
so you think it is not possible?
youllknow  2010-03-22 15:30:32
as @jschoen says, it is not trivial, and it is probably against your ISP's Terms of Service.
jpabluz  2010-03-22 15:41:10
Do you have any idea how to send a enclosed packet (like jschoen says) using C# or C/C++?
youllknow  2010-03-22 16:00:49
I have no idea, but would look first in documentation from a Network Driver, and see if that is possible in your ethernet card... but still I think that encapsulation takes place on the Router, which your network card connects to, so there will be trouble in trying to send a packet without your real-IP information to be sent.
jpabluz  2010-03-22 17:48:14
@jpabluz: A router simply forwards the packets it receives. It may (depending on configuration) discard a packet having an obviously fake source, but as a rule routers do not change the source address. NAT gateways and transparent proxies would. But only a VPN endpoint would actually encapsulate the packet further.
Ben Voigt  2010-03-22 18:15:41
+2  A: 

The UDP packet does not actually have the source(your) IP address. The source IP address is part of the packet it is sent in. So you would have to modify the packet it is enclosed in. So while it is non-trivial, it is possible. The packet structure for UDP, and the enclosing packets for reference.

jschoen  2010-03-22 15:32:35
So I need to set up the hole ipv4 packet (containing the faked ip) and send it to server?
youllknow  2010-03-22 15:41:59
That is correct. Essentially you create a fake packet containing the UDP info, and send that. May I ask why you are trying to do this?
jschoen  2010-03-22 16:14:13
If I'm able to set up a prototype that can perfom the task, I may write a security application as my final year project which allows multiple clients to exchange data over the internet, without someone else knowing that there is a connection between the partners. Do you have any suggestion how to implement sending of the fake packet?
youllknow  2010-03-22 16:47:03
Honestly, I am not sure how do this, and only knew about this because I am taking a Network Security class at the moment. Maybe make another SO question about that, and you might get some suggestions from others.
jschoen  2010-03-22 17:17:19
Thanks a lot! Can you please explain what a SO question is?
youllknow  2010-03-22 17:24:49
SO = StackOverflow
jpabluz  2010-03-22 17:41:31
oh thx! see: http://stackoverflow.com/questions/2494489/how-to-send-raw-data-over-a-network
youllknow  2010-03-22 18:12:16
Be careful, the UDP header does contain the IP address ! Just read a bit more in the article you provide : http://en.wikipedia.org/wiki/User_Datagram_Protocol#Checksum_computation
Jules Olléon  2010-04-11 15:21:29
I found a way to send the manipulated packet (checked with wireshark)... but I assume the ISP drops it... because it cannot be received
youllknow  2010-07-15 21:26:50
A: 

It can be performed using IP-Spoofing... you'll find a lot of information when you google for it!! Thanks to everyone for your help!

youllknow  2010-03-22 20:01:40
A: 

This is IP-spoofing. Unless you ISP is a dodgy russian one, it will probably prevent you from doing that (the first router will just drop the packet because it is suspicious).

If you don't want to be identified you should try to find a proxy supporting UDP...

Or you can buy a botnet. :)

(if you didn't get it, that's a joke, don't do that)

Jules Olléon  2010-04-11 15:04:50

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?