  1. #1
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16

    Cannot send out packets with spoofed source address


    Hello everyone,

    I've just written a C program to send a UDP packet out to some other computers with the source IP of my choice (not necessarily the IP of my NIC).

    I think the program works fine, as I tried tcpdump on the local host and saw all the created packets on the NIC. However, they do not appear on the machine where the packets should be sent, as I used tcpdump there and did not capture anything.

    The fact was that if I use a source IP in the same subnet as my NIC, the packets appear on the remote machine; otherwise they disappear. So I suppose my local machine must be preventing packets from being sent out with a spoofed source IP somehow. I tried to turn off iptables and SELinux, as well as to change various options in /proc/sys/net/ipv4, but didn't get any further info: no log, no error messages, etc.

    Can anyone give a hint? I'm using Fedora 2.6.22.9-91.fc7.

    Thanks a lot for reading.

    SG.

  2. #2
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Can you give us the Source?
    Can you do it using Scapy??
    New Users, please read this..
    Google first, then ask..

  3. #3
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16
    Thank you RobinVossen for your consideration.

    I'm afraid I can't give you the source at the moment, but basically it uses a raw socket in C with the IP_HDRINCL option, and the program fills in the IP and UDP headers. So everything should be simple, and my capture has shown that the packets were well formed.

    I've tried Scapy, but the same phenomenon appeared, that is, only packets with a source IP in the same subnet as my NIC can be sent out, so I guess it has something to do with system configuration.

    Can you think of any possible applications or kernel options that prevent this? iptables and SELinux have already been disabled.

    Regards,

    SG.

  4. #4
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Umm, it always worked fine in Gentoo for me. What distro do you use?

  5. #5
    Just Joined!
    Join Date
    Nov 2006
    Posts
    16
    Hi RobinVossen

    I found the problem; it had nothing to do with the Linux box. It was the intermediate router that blocked the packets according to some default rules, so problem fixed.

    Thank you anyway for your consideration.

    Regards,

    SG.
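
The behaviour seen in this thread (same-subnet sources pass, other sources vanish without any local error) is what a source-prefix check on a router's LAN interface produces. The sketch below is an added example, not code from the original posts; it assumes the router's default rule was such a check, and `check_source`, `verdict_for` and all addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { FORWARD, DROP_SPOOFED, DROP_MALFORMED };

/* Source address validation on a raw IPv4 packet received from the LAN.
 * net/plen describe the prefix assigned to the LAN-facing interface
 * (a hypothetical router rule, assumed for this example). */
enum verdict check_source(const uint8_t *pkt, size_t len, uint32_t net, unsigned plen)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || plen > 32)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;       /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return DROP_MALFORMED;
    uint32_t src = IP4(pkt[12], pkt[13], pkt[14], pkt[15]);
    /* A shift by 32 is undefined in C, so a /0 prefix is handled separately. */
    uint32_t mask = plen ? 0xFFFFFFFFu << (32 - plen) : 0;
    return (src & mask) == (net & mask) ? FORWARD : DROP_SPOOFED;
}

/* Constructed sample: 20-byte IPv4 header only (UDP, TTL 64), checksum left
 * zero because the filter never looks at it. */
enum verdict verdict_for(uint32_t src, uint32_t net, unsigned plen)
{
    uint8_t h[20];
    memset(h, 0, sizeof h);
    h[0] = 0x45; h[3] = 28; h[8] = 64; h[9] = 17;
    h[12] = (uint8_t)(src >> 24); h[13] = (uint8_t)(src >> 16);
    h[14] = (uint8_t)(src >> 8);  h[15] = (uint8_t)src;
    h[16] = 203; h[17] = 0; h[18] = 113; h[19] = 7;  /* constructed destination */
    return check_source(h, sizeof h, net, plen);
}

int main(void)
{
    uint32_t lan = IP4(192, 0, 2, 0);                /* constructed LAN, /24 */
    printf("192.0.2.10   -> %d\n", verdict_for(IP4(192, 0, 2, 10), lan, 24));
    printf("198.51.100.5 -> %d\n", verdict_for(IP4(198, 51, 100, 5), lan, 24));
    return 0;
}
```

A drop at this point happens after the packet has left the sending host, which is why tcpdump on the sender still shows it and no local log or error appears.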

  6. #6
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Heh, I am familiar with the problems.
    Sometimes my own security blocks me from doing pentests.
