                             ,,+++:,
                        _+++::,,,,,::+++_                        
                     :+:,-             -,:+:                     
                  :+,,     --,,,,,,,--     ,,++                  
                :+,_    ,:+++-     -+++:,    _,+                 
               +:,   -,+:               :+:-   _++               
       -++:,,,,,,,,,:+++                 +++,   _,+,,,:++-       
    ,+,,-              -,++           ++,-  +:,   :+    -,,+:    
  ,+,-     _,,,,,,,_      -,++     ++,-     -++-  _:+_-    -,+,  
 -:,   -,++:+,  _,+_++:,-    _,+++,_    -,:++_+,   ,+,++,-   ,:_ 
_+_   ,+-  :+-  ,:      +,,  ,+:_-    ,,+      :   _+:  -:,   _+ 
++-   ++   ++-  ,+        :++,_    -,++        +-  -++   ++-  -+ 
,+-   ,+   ++-  ,+      ,+:_    _,++__:+,      +-  -++   +:   -+ 
 +,_   ,+: _+_  _:,  _++,     _:++_     ,:+,  ,:   _+_ ::,   _,+ 
  +:_    _,:+,_  _++,_-    _,++   ++,_     _,::+++++::,_    _++  
   ::,      _+,   :+     _,++       ++,_       --_--       ,::   
     ,+:,-   ++_  -,+,,,++_           -++,,-           -,:+,     
         ++++:++-   ,:+_                 -+++++::::+++++         
               _+,    ,,+,             ,+,,    ,+_               
                 +:,     ,,:+++++++++:,,     ,++                 
                   ,+:_-       ---       -_:+,                   
                      ++:,_-         -_,:++                      
                          _+++++++++++_                          

            Timeless logo Copyright © 2000 - Timeless
          (ASCII art by Timeless using ASCII Picverter)


                  .--{  Lessons In Life  }--.
                 /  by Timeless 29 Feb 2000  \
                 >------------<o>------------<
                (                             )
                [ It's human to err,          ]
                [ We all know this,           ]
                [ But all is wasted           ]
                [ When the lesson is missed.  ]
                (                             )
                 >           -<o>-           <
                 \___________________________/



----------------------------------------------------------------
the
'YOU HEARD IT HERE FIRST'
                   column
----------------------------------------------------------------
Spoofing the source address using two Windows 9x computers
by Timeless, 29 Feb 2000
================================================================

The following describes how to send packets into the 'net with a
fake source IP address. The source address being faked will also
mean that no replies will come back your way, so this can only
be used where you don't need to establish a connection with the
server. For example, if you send an ICMP packet with "+++ATH0\n"
in the packet data to a host which uses an older modem, the 
modem will disconnect. In case the modem doesn't disconnect, you
don't want the source IP address set to the one you're currently
using because that is traceable all the way back to your phone 
line. This spoofing can be achieved without even having to 
write your own device drivers to generate IP packets with fake 
source addresses. We are going to use Windows 95/98 in this 
example. You will need two computers networked together on a LAN,
one of which will have dial-up access to the 'net. Here's a simple
network diagram of what we need:

+-------------------------------------+
| hostname:          lanhost1         |
| IP address on NIC: 123.123.123.123  +-----+
| default gateway:   123.123.123.254  |     |
+-------------------------------------+     |
                                          (LAN)
+-------------------------------------+     |
| hostname:          lanhost2         |     |
| IP address on NIC: 123.123.123.254  +-----+
| default gateway:   unset            |
| IP forwarding turned on (see below) +---(dial-up)---> ISP
+-------------------------------------+

NOTE:
Please don't use these numbers - they're just examples!

Using private, or non-publicly routed IP addresses won't 
necessarily work because some (most?) ISPs filter out any 
packets which contain non-publicly routed IP addresses as the 
source or destination address. So you will need to use publicly
routed IP addresses for your network interface cards (NICs).
The address ranges to avoid using are:
  10.x.x.x (private addresses)
  172.16.0.0 to 172.31.255.255 (private addresses)
  192.168.x.x (private addresses)
  127.x.x.x (used for localhost)
  224.x.x.x (reserved for IGMP)

Lanhost1 will be the host which generates the packets. The
packets will be stamped with 123.123.123.123 as the source IP
address. The packets will then be sent to the default gateway,
in this case 123.123.123.254. The default gateway host must be
dialed up to the Internet, and must have IP forwarding turned
on. When the packets arrive at the gateway host, it will 
determine that the packets are not destined for itself and that
they should be forwarded on to its default gateway (which will
now be set to the dial-up device). This means the packets will
be sent out to the Internet, with the source IP address set to
123.123.123.123.

To turn on IP forwarding in Windows 9x (reported to be fairly
unstable in Windows 95, although I have had no problems yet),
you will need to modify the system registry. You do so at your
own risk entirely of course. In fact, you do all of this at 
your own risk! You will need to add the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP

Then add a data item called:

EnableRouting

and give it a value of 1. After a reboot IP forwarding will be
enabled. Now you can send spoofed packets to the 'net to your
heart's content.
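
Seen from the administrator's side, the same registry setting is
something to audit for. The following is an added example, not part
of the original article: it scans the text of a registry export for
EnableRouting under the MSTCP key. The REGEDIT4 export layout, the
two accepted data forms and the sample text are assumptions made
for illustration.

```python
import re

# Key and value name exactly as given in the article.
MSTCP_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP"
VALUE_NAME = "EnableRouting"

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')


def parse_reg_data(data):
    """Return an int for "N" (string) or dword:XXXXXXXX data, else None."""
    m = re.fullmatch(r'"([0-9]+)"', data)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    return int(m.group(1), 16) if m else None


def routing_enabled(reg_text):
    """True if the export sets EnableRouting to non-zero under the MSTCP key."""
    in_mstcp = False
    enabled = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Registry key names are case-insensitive.
            in_mstcp = section.group("key").lower() == MSTCP_KEY.lower()
            continue
        value = VALUE_RE.match(line) if in_mstcp else None
        if value and value.group("name").lower() == VALUE_NAME.lower():
            number = parse_reg_data(value.group("data"))
            enabled = number is not None and number != 0
    return enabled


def sample_export(mstcp_value):
    """Constructed export text; the first key is a decoy outside MSTCP."""
    return ("REGEDIT4\n\n"
            "[HKEY_LOCAL_MACHINE\\Software\\Example]\n"
            '"EnableRouting"="1"\n\n'
            "[" + MSTCP_KEY + "]\n"
            '"EnableRouting"=' + mstcp_value + "\n")


if __name__ == "__main__":
    for data in ('"1"', '"0"', "dword:00000001"):
        print(data, routing_enabled(sample_export(data)))
```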

So, I hear you ask, why doesn't my ISP just block all packets
coming in from their access servers which have source addresses
outside of their IP blocks? Well, the answer is all about the
user's choice. Firstly, no ISP can assume they know what you as
an Internet user need to do on the Internet. They can't block 
these kinds of packets because some users may wish to make use 
of asynchronous routing. Asynchronous routing is where you
would send packets out through one connection, such as a 
dial-up connection, with the source IP address set to that of
your second incoming-only connection to the Internet (such as
a cable modem, satellite link, leased line or even another 
async modem). Blocking these packets may stir up quite an
uproar, unless of course your ISP's acceptable use policy does
not allow you to do this.
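
Source-address filtering at an access server (ingress filtering,
RFC 2827 / BCP 38) can be applied per subscriber line, with a
customer's second link registered as an extra allowed prefix. The
following is an added example, not part of the original article:
the subscriber prefixes and packets are constructed, and 224.x.x.x
from the list above is taken literally as 224.0.0.0/8.

```python
import ipaddress

# Ranges the article lists as filtered or unusable, written as CIDR blocks.
ARTICLE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "224.0.0.0/8",
)]


def classify_source(src, assigned):
    """Classify a packet's source address as seen on one subscriber line.

    src      -- source IP address from the packet header
    assigned -- prefixes the ISP has registered for this subscriber
    """
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(p) for p in assigned):
        return "accept"
    if any(addr in net for net in ARTICLE_RANGES):
        return "drop-unroutable"
    return "drop-spoofed"


def filter_line(packets, assigned):
    """Split (src, dst) tuples into forwarded and dropped, with verdicts."""
    forwarded, dropped = [], []
    for src, dst in packets:
        verdict = classify_source(src, assigned)
        (forwarded if verdict == "accept" else dropped).append((src, dst, verdict))
    return forwarded, dropped


# Constructed sample data (documentation address ranges, not real hosts).
DIALUP_ONLY = ["198.51.100.7/32"]                  # address given at dial-in
TWO_LINKS = ["198.51.100.7/32", "203.0.113.0/29"]  # plus a registered second link
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.10"),     # the line's own address
    ("123.123.123.123", "192.0.2.10"),  # lanhost1 from the article's diagram
    ("10.1.2.3", "192.0.2.10"),         # private source
    ("203.0.113.2", "192.0.2.10"),      # source on the second link
]

if __name__ == "__main__":
    for name, prefixes in (("dial-up only", DIALUP_ONLY), ("two links", TWO_LINKS)):
        forwarded, dropped = filter_line(SAMPLE_PACKETS, prefixes)
        print(name, "forwarded:", forwarded, "dropped:", dropped)
```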

Windows NT has a check box for turning on IP forwarding in the
network properties dialogue box. Linux allows you to turn this
feature on in the kernel settings.

That's all for this article, maybe I'll dream up something for
the next one. Take care and play nicely.

- Timeless

[.]

----------------------------------------------------------------
Disclaimer: The information provided here is for educational
purposes only! You are not encouraged to use this information
AT ALL, EVER! If you do so, then you do it entirely at your own
risk, and you personally accept all responsibilities for your
actions.
----------------------------------------------------------------