How to fake source ip-address of a udp-packet?
Solution 1
The UDP packet does not actually have the source (your) IP address. The source IP address is part of the packet it is sent in. So you would have to modify the packet it is enclosed in. So while it is non-trivial, it is possible. The packet structure for UDP, and the enclosing packets for reference.
Solution 2
This is IP-spoofing. Unless you ISP is a dodgy russian one, it will probably prevent you from doing that (the first router will just drop the packet because it is suspicious).
If you don't want to be identified you should try to find a proxy supporting UDP...
Or you can buy a botnet. :)
(if you didn't get it, that's a joke, don't do that)
Solution 3
If you're ISP employs Egress filtering and they don't control the address block that 124.124.124.124 is on, then no.
If they do control it and expect that to be a valid IP leaving their site, possibly. They might tie IPs to MAC addresses and block this. Maybe not.
You could change the IP of your pc to that address and just use a program to send a udp packet. There's no such thing as a "fake IP". They all in the end do exist. They are either legitimately assigned or not.
Finally I would not suggest taking this action.
Related videos on Youtube
raisyn
Master's Student at Vienna University of Technology Interested in various topics of computer science.
Updated on July 09, 2022Comments
-
raisyn almost 2 years
Think about the following:
Your ISP offers you a dynamic ip-address (for example 123.123.123.123).My question is simple (the answer may not be):
Is it possible to send a single udp-packet with an outer source-ip (for example 124.124.124.124) to a fixed-ip server? I don't need to get an answer from the server. I just want to know if/how this one way communication can be done, using a faked source-ip address.
The server and no one else should not be able to find out the real client ip.
-
raisyn over 14 yearsso you think it is not possible?
-
jpabluz over 14 yearsas @jschoen says, it is not trivial, and it is probably against your ISP's Terms of Service.
-
raisyn over 14 yearsSo I need to set up the hole ipv4 packet (containing the faked ip) and send it to server?
-
raisyn over 14 yearsDo you have any idea how to send a enclosed packet (like jschoen says) using C# or C/C++?
-
Jacob Schoen over 14 yearsThat is correct. Essentially you create a fake packet containing the UDP info, and send that. May I ask why you are trying to do this?
-
raisyn over 14 yearsIf I'm able to set up a prototype that can perfom the task, I may write a security application as my final year project which allows multiple clients to exchange data over the internet, without someone else knowing that there is a connection between the partners. Do you have any suggestion how to implement sending of the fake packet?
-
Jacob Schoen over 14 yearsHonestly, I am not sure how do this, and only knew about this because I am taking a Network Security class at the moment. Maybe make another SO question about that, and you might get some suggestions from others.
-
raisyn over 14 yearsThanks a lot! Can you please explain what a SO question is?
-
jpabluz over 14 yearsI have no idea, but would look first in documentation from a Network Driver, and see if that is possible in your ethernet card... but still I think that encapsulation takes place on the Router, which your network card connects to, so there will be trouble in trying to send a packet without your real-IP information to be sent.
-
raisyn over 14 yearsoh thx! see: stackoverflow.com/questions/2494489/…
-
Ben Voigt over 14 yearsA router simply forwards the packets it receives. It may (depending on configuration) discard a packet having an obviously fake source, but as a rule routers do not change the source address. NAT gateways and transparent proxies would. But only a VPN endpoint would actually encapsulate the packet further.
-
Jules Olléon about 14 yearsBe careful, the UDP header does contain the IP address ! Just read a bit more in the article you provide : en.wikipedia.org/wiki/…
-
raisyn almost 14 yearsI found a way to send the manipulated packet (checked with wireshark)... but I assume the ISP drops it... because it cannot be received
-
Alex about 10 years@raisyn why is it that it cannot be received? How does an ISP detect it to be suspicious?
-
Alex about 10 years@BenVoigt How is an obvious fake source determined?
-
Ben Voigt about 10 years@Alex: Reverse path filtering
-
Alexis Wilke over 7 years@Alex, your ISP happens to know your IP address? If they filter UDP packets, then they can very easily make sure it comes from you and drop anything else.