[TriLUG] IP Address spoofing

Igor Partola igor at igorpartola.com
Thu Jan 26 09:43:31 EST 2012


Mystery solved: Seva was correct. The spoofing works only if "spoofer" and
the "spoofee" are on the same subnet.

Looks like I will need something a bit more sophisticated such as an IP in
IP or IP in UDP/IP tunnel. Is anyone aware of such a thing that already
exists? Basically what I am looking to do is the following:

Have Host A listen on a number of UDP ports, then forward all the packets
to Host B:port X. The listener on Host B:port X will strip off the outer IP
(and possibly UDP) header and then spoof the address locally. Then the
original UDP service on Host B can reply directly to original sender. If
such a thing does not exist, would there be any interest in an open source
version of it, since the company I work for (TransLoc Inc), might very well
let me release it.

For those wondering why I'm looking into this: TransLoc tracks buses and
the way they talk to our servers is over UDP, sending short packets with
their location over cellular networks + Internet. Our tracking service then
sends them magic packets back as a sort of acknowledgment that we are
hearing from them. Due to how the devices have the domain name of the
servers semi-hardcoded, we cannot just move the tracking service around,
but we can route the UDP packets around so that eventually they wind up
reaching the tracking server. The biggest issue is that we need to make
sure that the acknowledgments reach devices, which means we have to know
their IP:port. Hence my attempt at spoofing the address of the sender.

Thanks!
Igor



More information about the TriLUG mailing list