IP address spoofing/changing for testing on local machine

Question

I am trying to limit traffic to my website so that people trying to screenscrape mass amounts of data will be blocked after a while. I am supposed to do this based on the ip of the incoming request. I believe i have this ip limiting functionality written but im stumped on how i can test this. I need to be able to change my ip address many times(to simulate valid traffic). I also need to test >20 different ips so a proxy solution for each one will not work for me.

Iam testing the code on my local machine(linux, ubuntu) so i can change my server settings(apache) if i need to for this test.

Does anyone have any ideas on how i can do this?

Im behind a corporate network so i cannot change mac address/arp settings to be "re-assigned" a new ip. I was hoping for some sort of localhost ip changing type thing, where i could take advantage of the fact that the server and client were the same machine.

Also i was just trying to avoid changing the code before it is rolled out to production servers, but that maybe the best way to do it.

Answer 1

There are many ways you can test this. The easiest way imo would be to create a list of ARP entries where the IP addresses you are impersonating point to the MAC address of the server. You could then write a simple app that sets the src address to each of the impersonated IP addresses, connect and send whatever HTTP request you want. The server should reply just fine.

Answer 2

I'm not exactly sure if this is what you are looking for, but I had to spoof my MAC address so I could get a new IP to get around a download quota at my university. Changing the MAC resulted in a new IP. there is a program in the standard ubuntu repositories called "macchanger" just run that with the correct option ("-r" for random) and then specify the device. like so.

sudo macchanger -r eth0

Networking has to be disabled when you do this. you can do this by right clicking the networking icon and unchecking the "enable networking" box.

Answer 3

Well, what you could do is instead of actually checking the IP do something like this:

$ip = '1337.1337.1337.1337';

Instead of:

$ip = $_SERVER['REMOTE_ADDR']

And then go on to do your IP checking code.

So then when you are done you could make your $ip variable code look like this:

//$ip = '1337.1337.1337.1337';
$ip = $_SERVER['REMOTE_ADDR']

So you can easily turn on and off the "debug switch"

EDIT:

Or even make the IP dynamic:

$ips = Array('192.168.1.220', '120.843.592.86', '256.865.463.563');
$ip = $ips[rand(1,count($ips)-1)];

Answer 4

You want to consider doing this at the firewall level (if not the corp border firewall than a SW firewall on your host). There are many situations where an abusive host can still take down or affect performance on your site if you are only limiting them at the application level. They are still consuming sockets on and web server worker threads even though you end up rejecting them. You may even have some code that has some expense before the IP check. It really all depends on how lightweight your application is, but one thing is sure, a firewall, whether hardware or sw, can block unruly clients way more efficiently than your application can.

Answer 5

This answer is probably overkill for this application, but I like using tcpdump / libpcap, winpcap, and raw sockets for generating traffic. You not only have great control over the volume going to and from your application, you learn a lot about what you can expect firewall/traffic filter settings to do for you and what kinds of traffic is being blocked that you didn't expect (or that you don't want blocked).

Answer 6

You can easily do that by running the following command on linux:

ifconfig eth0:0 127.0.0.2
ifconfig eth0:1 127.0.0.3
etc... (creating fake local interfaces)

You may have to configure apache to listen on those ips if you're not listening on 0.0.0.0 (all interfaces), then you can directly access those IPs.

If you want to use other ips, you can easily do that too, but remember to remove them once your tests are done.

This will only work from your local machine, to your local machine.