Can you 'fake' an IP address?

Robert Brockway robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Tue Mar 13 13:33:55 UTC 2012


On Mon, 12 Mar 2012, Thomas Milne wrote:

> I swear I had read in discussions on here before that it was
> impossible to 'fake' an IP address. You could hide behind someone
> else's, i.e. use a zombie or proxy or something, but in the end your IP
> is your IP, right?

Hi Thomas.  It is possible.  It's called IP spoofing.  In general it is 
difficult to do successfully.  One way TCP connections protect against 
spoofing is to make their connection sequence numbers difficult to 
predict.

Many years ago the method used to generate TCP sequence numbers in the BSD 
network code was found to be much more easily predicted than previously 
thought.  Anyone using BSD network code was potentially vulnerable.  That 
turned out to be pretty much everyone and over a period of weeks/months 
every susceptible OS had its networking code patched to fix the problem.

One problem with IP spoofing is that the responding system will respond to 
the system being spoofed, not the one doing the spoofing (after all, that 
is who it thinks it is talking to).  So the spoofing system must either:

(a) not need response packets to do its evil work
(b) intercept the responses to do its evil work
(c) guess the responses and respond blindly, to do its evil work

Spoofing can be generally defeated by appropriately strong cryptographic 
signing of data (at L3, L4 or even higher).

Spoofing is a big topic as the chances of success and impact vary a lot 
depending on what the baddie is doing and what they are trying to achieve.

There is a lot of info available online on this interesting topic.

Cheers,

Rob

-- 
Email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org         Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.practicalsysadmin.com
Director, Software in the Public Interest (http://spi-inc.org/)
Free & Open Source: The revolution that quietly changed the world
"One ought not to believe anything, save that which can be proven by 
nature and the force of reason" -- Frederick II (26 December 1194 – 13 
December 1250)
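
Added example, not part of the original post: a sketch of why hard-to-predict sequence numbers matter, comparing a shared-counter generator with the keyed per-connection construction standardised in RFC 6528 (ISN = M + F(4-tuple, secret)). The counter step, the use of truncated HMAC-SHA256 as F, the secret, and the documentation-range addresses are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import struct

MOD = 2**32

def keyed_isn(local_ip, local_port, remote_ip, remote_port, secret, clock_us):
    """RFC 6528 construction: ISN = M + F(4-tuple, secret) mod 2^32."""
    m = (clock_us // 4) % MOD  # M: timer that ticks every 4 microseconds
    four_tuple = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
                  + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
    # F: HMAC-SHA256 truncated to 32 bits (choice made for this example)
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (m + int.from_bytes(digest[:4], "big")) % MOD

class GlobalCounterISN:
    """Simplified model of a predictable generator: one shared counter."""
    STEP = 64000  # constructed constant, for illustration only

    def __init__(self, start=1):
        self.value = start

    def next_isn(self):
        self.value = (self.value + self.STEP) % MOD
        return self.value

def deltas(isns):
    """Set of differences between consecutive ISNs, modulo 2^32."""
    return {(b - a) % MOD for a, b in zip(isns, isns[1:])}

# Constructed sample: five clients connect to 192.0.2.10:22 at the same instant.
SECRET = b"constructed-example-secret"
PEERS = [("198.51.100.%d" % i, 40000 + i) for i in range(1, 6)]

def demo():
    legacy = GlobalCounterISN()
    legacy_isns = [legacy.next_isn() for _ in PEERS]
    keyed_isns = [keyed_isn("192.0.2.10", 22, ip, port, SECRET, 1_000_000)
                  for ip, port in PEERS]
    return deltas(legacy_isns), deltas(keyed_isns)

if __name__ == "__main__":
    legacy_d, keyed_d = demo()
    print("shared counter deltas:", legacy_d)   # one value: next ISN is known
    print("keyed per-tuple deltas:", len(keyed_d), "distinct values")
```

With the shared counter, any peer that sees its own ISN learns what the next connection will receive. With the keyed form, each 4-tuple gets its own offset while still advancing with the clock for a given connection.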

