Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to fake source ip-address of a udp-packet?

Tags:

Think about the following:
Your ISP offers you a dynamic ip-address (for example 123.123.123.123).

My question is simple (the answer may not be):

Is it possible to send a single udp-packet with an outer source-ip (for example 124.124.124.124) to a fixed-ip server? I don't need to get an answer from the server. I just want to know if/how this one way communication can be done, using a faked source-ip address.

The server and no one else should not be able to find out the real client ip.

like image 519
raisyn Avatar asked Mar 22 '10 15:03

raisyn


People also ask

Can you fake source IP address?

IP spoofing enables an attacker to replace a packet header's source IP address with a fake, or spoofed IP address. The attacker does this by intercepting an IP packet and modifying it, before sending it on to its destination.

Does UDP packet have source IP?

It's true that neither UDP or TCP headers include a source address, but that's because they don't have to: source address is already included in the header of the encapsulating transport protocol, which in this case would be the IP header.

Can UDP be spoofed?

IP spoofing is a method in which TCP/IP or UDP/IP data packets are sent with a fake sender address. The attacker uses the address of an authorized, trustworthy system. In this way, it can inject its own packets into the foreign system that would otherwise be blocked by a filter system.

How does UDP find IP?

When IP delivers a UDP datagram, the host checks the port number and delivers the data to the corresponding application. In this way, UDP provides simple multiplexing over IP to allow a host to send and receive data on multiple distinct ports.


2 Answers

The UDP packet does not actually have the source (your) IP address. The source IP address is part of the packet it is sent in. So you would have to modify the packet it is enclosed in. So while it is non-trivial, it is possible. The packet structure for UDP, and the enclosing packets for reference.

like image 191
Jacob Schoen Avatar answered Nov 12 '22 14:11

Jacob Schoen


This is IP-spoofing. Unless you ISP is a dodgy russian one, it will probably prevent you from doing that (the first router will just drop the packet because it is suspicious).

If you don't want to be identified you should try to find a proxy supporting UDP...

Or you can buy a botnet. :)

(if you didn't get it, that's a joke, don't do that)

like image 45
Jules Olléon Avatar answered Nov 12 '22 16:11

Jules Olléon