[TriLUG] IP Address spoofing

Seva Adari oddissyus at gmail.com
Wed Jan 25 12:13:55 EST 2012 

I am not very clear on the setup. I am thinking that 174.36.X.X is public
IP, so
is it possible that your main interface ip address and the alias ip address
are on different subnets? If they are then that could be an issue.

On Wed, Jan 25, 2012 at 8:09 AM, Igor Partola <igor at igorpartola.com> wrote:

> Morning TriLUG!
>
> Due to a variety of reasons I have a need to spoof IP addresses of UDP
> packets over a hosting provider's network (SoftLayer). The main use case is
> that a hostname is being moved from one box to another, but the UDP traffic
> still needs to end up on the original server and the original server needs
> to be able to talk to the IP:port that sent to original packet back.
>
> Having done the fun part of writing a packet sniffer and spoofer, I am no
> running into some interesting issues. First a little about the setup. Let's
> say I have boxes Alpha and Beta and the domain name example.com, which
> used
> to be on Alpha but is now moving to Beta. The ifconfig on Alpha looks like
> so:
>
> eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>          inet addr:174.36.X.X  Bcast:174.36.Z.Z  Mask:255.255.255.248
>          ...
>
> eth1:1    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>          inet addr:174.36.Y.Y  Bcast:174.36.255.255  Mask:255.255.255.255
>          ...
>
> The service that listens to the UDP packets normally runs on 174.36.Y.Y. I
> set up my sniffer/spoofer to forward packets from Beta:main IP =>
> 174.36.Y.Y, but no traffic comes through (according to tcpdump). However,
> if I set it up as Beta:main IP => 174.36.X.X, it works like a charm. Of
> course if I disable the spoofing and just forward the packets either
> address works.
>
> My question is, why would spoofing the IP address work on the "real" eth
> interface, but not on the virtual one?
>
> Thanks in advance!
> Igor
> --
> This message was sent to: oddissyus at gmail.com <oddissyus at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/oddissyus%40gmail.com
> TriLUG FAQ          :
> http://www.trilug.org/wiki/Frequently_Asked_Questions
>

More information about the TriLUG mailing list