Find the answer to your Linux question:
Results 1 to 6 of 6
Hello everyone, I've just written a C program to send an UDP packet out to some other computers with the source IP of my choice (not necessarily the IP of ...
  1. 09-09-2008 #1
    StarGhost
    StarGhost is offline
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16

    Cannot send out packets with spoofed source address

    Hello everyone,

    I've just written a C program to send an UDP packet out to some other computers with the source IP of my choice (not necessarily the IP of my NIC).

    I think the program works fine as I tried tcpdump from local host and see all the created packets in the NIC. However, they do not appear on the machine where the packets should be sent, as I used tcpdump there and did not capture anything.

    The fact was that, if I use the source IP of the same subnet with my NIC, then the packets would appear in the remote machine, otherwise they disappear. So I suppose my local machine must be preventing packets to be sent out with spoofed source IP somehow. Tried to turn off iptables, SELinux as well as to change various options from /proc/sys/net/ipv4 but didn't get any further info, no log, no error messages, etc.

    Can any one give a hint. I'm using Fedora 2.6.22.9-91.fc7.

    Thanks a lot for reading.

    SG.
    Reply With Quote Reply With Quote
  2. 09-09-2008 #2
    RobinVossen
    RobinVossen is offline
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,422
    Can you give us the Source?
    Can you do it using Scapy??
    New Users, please read this..
    Google first, then ask..
    Reply With Quote Reply With Quote
  3. 09-09-2008 #3
    StarGhost
    StarGhost is offline
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16
    Thank you RobinVossen for your consideration.

    I'm afraid I can't give you the source at the moment, but basically it uses raw socket in C with IP_HDRINCL option and the program fill in the IP and UDP headers. So everything should be simple, and my capture has shown that the packets were well formed.

    I've tried Scapy, but the same phenomenon appeared, that is, only packet with source IP of the same subnet with my NIC can be sent out, so I guess it has something to do with system configuration.

    Can you think of any possible applications or kernel options that prevent this, because iptables and SELinux have already been disabled.

    Regards,

    SG.
    Reply With Quote Reply With Quote
  4. 09-10-2008 #4
    RobinVossen
    RobinVossen is offline
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,422
    Umm, it always worked fine in Gentoo for me. What distro do you use?
    New Users, please read this..
    Google first, then ask..
    Reply With Quote Reply With Quote
  5. 09-12-2008 #5
    StarGhost
    StarGhost is offline
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16
    Hi RobinVossen

    I found the problem, it had nothing to do with the Linux box. It was the intermediate router that blocked the packets according to some default rules, so problem fixed.

    Thank you anyway for your consideration.

    Regards,

    SG.
    Reply With Quote Reply With Quote
  6. 09-12-2008 #6
    RobinVossen
    RobinVossen is offline
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,422
    heh, I am known with the Problems.
    Sometimes my own Security Blocks myself from doing Pentests
    New Users, please read this..
    Google first, then ask..
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...