IP spoofing

IP spoofing

[Farshad]

Just a naive question:
using netfilter, is it possible to grab a packet and change its IP source address and then reinject it as if it has been sent from another source?

thanks!



_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

Re: IP spoofing

[Peteris Krumins]

Thursday, April 10, 2003, 11:26:45 PM, you wrote:

F> Just a naive question:
F> using netfilter, is it possible to grab a packet and change
F> its IP source address and then reinject it as if it has been
F> sent from another source?

Yes it is possible.
You can use ip_queue - queue the packets to userspace, change whatever
you want, recalculate checksum yourself and reinject it back.

Tho, my tests indicate that if the link is too loaded and your code is
not fast enough (sometimes even with nop) the netlink socket overflows
causing packet drops.

I tried tuning the netlink socket increasing the buffer size, but
after some time it overflowed anyway.


P.Krumins

Re[2]: IP spoofing

[Peteris Krumins]

Friday, April 11, 2003, 12:10:04 AM, you wrote:

PK> Thursday, April 10, 2003, 11:26:45 PM, you wrote:

F>> Just a naive question:
F>> using netfilter, is it possible to grab a packet and change
F>> its IP source address and then reinject it as if it has been
F>> sent from another source?

PK> Yes it is possible.
PK> You can use ip_queue - queue the packets to userspace, change whatever
PK> you want, recalculate checksum yourself and reinject it back.

PK> Tho, my tests indicate that if the link is too loaded and your code is
PK> not fast enough (sometimes even with nop) the netlink socket overflows
PK> causing packet drops.

PK> I tried tuning the netlink socket increasing the buffer size, but
PK> after some time it overflowed anyway.

oops, i read your question wrong. I though you wanted to change the
contents of the packet while it is traversing.


P.Krumins