Dec 4

As part of the hacking contest I am participating in, level 39 involves IP address spoofing. It requires a UDP request to be sent to a particular server, but the request should appear, to this server, to have come from a specific IP provided by them. Crafting the actual packet is quite trivial when you have tools like Scapy at your disposal; however, ensuring the crafted packet actually reaches its destination is far from trivial.

IP Header

-----------------------------------------------------
| Version |  IHL  |  TOS  |      Total length       |
-----------------------------------------------------
|     Identification      | Flags | Fragment offset |
-----------------------------------------------------
| TTL     |   Protocol    |     Header checksum     |
-----------------------------------------------------
|    ---->       Source IP address       <----      |
-----------------------------------------------------
|              Destination IP address               |
-----------------------------------------------------
|               Options and padding                 |
-----------------------------------------------------

The “problem” (it’s actually a good thing) is that most ISPs these days employ egress filtering on their border routers. An egress filter is a check on outbound traffic: it looks at the source IP address in the IP header to check that the packet is coming from within the ISP’s own network. If the source IP doesn’t belong to that network, the packet is dropped.
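The check a border router applies can be sketched as follows. This is an added example, not code from the original post or from any router implementation; the local prefixes (RFC 5737 documentation ranges), the function names and the sample headers are all constructed assumptions.

```python
import ipaddress
import struct

# Assumed prefixes owned by a hypothetical ISP (RFC 5737 documentation ranges).
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("198.51.100.0/24")]

def checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int = 8) -> bytes:
    """Construct a 20-byte IPv4 header (protocol 17, UDP) as sample filter input."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, 64, 17, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(raw)  # fill in the header checksum field
    return struct.pack("!BBHHHBBH4s4s", *fields)

def egress_decision(packet: bytes, prefixes=LOCAL_PREFIXES) -> str:
    """Return 'forward' or a 'drop: ...' reason for an outbound packet."""
    if len(packet) < 20:
        return "drop: truncated header"
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return "drop: malformed header"
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        return "drop: bad checksum"
    src = ipaddress.ip_address(packet[12:16])  # source address field, bytes 12-15
    if not any(src in net for net in prefixes):
        return f"drop: source {src} outside local prefixes"
    return "forward"

if __name__ == "__main__":
    for source in ("192.0.2.10", "203.0.113.77"):
        print(source, "->", egress_decision(build_header(source, "203.0.113.5")))
```

The filter only needs the 4-byte source field at offset 12 of the header shown above; everything else in the function is validation that the header is well-formed before that field is trusted.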

For now, the only alternative (legal) seems to be to try to somehow get access to an ISP that doesn’t egress filter its traffic and send the packet from there.
