Checking if your server can spoof IPs
by MrBr - November 15, 2019 at 11:45 PM
#1
This is a micro tutorial, mainly because its super easy to do. You need two servers for best results to test your ability to spoof IPs. PLEASE USE THIS METHOD INSTEAD OF THE CAIDA PROJECT CHECKER!!

On the new server (Server A), install scapy. This is usually accomplished by:
apt-get install python-scapy
or
following the instructions on scapy dot net (its super easy to install)

On your second server (Server B), have tcpdump running on a unique port, like 12399. Again, install is crazy easy:
apt-get install tcpdump

To test spoofing abilities:
SERVER A: 111.222.333.444 This is our spoof box's real IP
SERVER B: 444.444.444.444 This is our listener box's real IP

On SERVER B you're gonna setup a listener box by typing this:
tcpdump -i any -nnn port 12399 -c 1000

On SERVER A (spoofed box)  you're gonna type this command INSIDE OF SCAPY.
spoof = IP(src=" 1.3.3.7", dst="444.444.444.444")/TCP(sport=12399,dport=12399)/"lolz"

send(spoof, count=1000)

If you're lucky you got a bunch of output on Server B. Congrats you can spoof everything!

If you're not lucky, you need to try again, but like this:
SERVER A type a revised scapy command using the server's real address, with a wildcard at the end:
spoof = IP(src="111.222.333.*", dst="444.444.444.444")/TCP(sport=12399,dport=12399)/"lolz"

Notice what we're doing? We scaled the spoofing back to try and just spoof the /24 or only 255 ips, you can keep replacing *'s until you get to src="*.*.*.*" to find your actual spoofing abilities.

Best of all, you will be keeping things off of Caida's radar and help preserve some of the hosts that are still spoofing. Hope this helps!


  --------                   ---------
|      A     |   ----->   |      B      |
| 1.3.3.7 |              | I hear it  |
|             |              |              |
  --------                   ---------
Reply
#2
Thanks for share...let's try this spoofing method
Reply
#3
Nice share, thanks for reminding me of this trick!
Reply
#4
sleak, thanks..........................
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
How to spoof an Email Address quickly! Tipot 170 12,168 November 25, 2021 at 02:32 AM
Last Post: Lorton
How to secure your servers and how to know how your bank is securing theirs tredres 1 445 May 31, 2020 at 04:36 AM
Last Post: 53n0p4t1
Exchange Your Ether For Bitcon Directly From Your Blockchain Wallet 2018 JuNaiD™ 0 783 August 20, 2018 at 09:53 AM
Last Post: JuNaiD™

 Users browsing this thread: 1 Guest(s)