Can You Spoof IP Packets?

nweaver writes "Spoofed IP packets are still believed to be a significant problem for the Internet. But are they? The Spoofer Project is attempting to measure the problem. Apparently, 80% of the IP addresses measured no longer support spoofing! Their methodology is simple: have users download a client which attempts to spoof packets to the monitor. Using these packets, they can determine the filter rules. So everyone, download the client and help!"

Oh yes!

[aardwolf64]

Oh yes! Everyone download this executable from known IP Spoofers and run it. It won't root your system, we promise...

Yay!

[Renraku]

Even you can help the next generation of scammers find an ISP to call home!

Yes. Yes, I can

[no reason to be here]

Oh wait. This isn't an "Ask Slashdot"?

Nevermind...

Packets to my monitor, eh?

[ip_freely_2000]

"have users download a client which attempts to spoof packets to the monitor"

But my monitor does not have an ethernet port! Can I send packets into my DVI port?

Re:Sounds dangerous

[Anonymous Coward]

Maybe I'm too paranoid. But

No buts, YES, YOU ARE TOO PARANOID!

Then again, you probably think I am one of them programmers now typing up this cover-up reply.

Spoofage

[iXiXi]

My packets have spoof all over them ! Anyone have a tissue?

Re:Oh yes!

[gEvil (beta)]

Well, at least your system would be rooted by people from MIT. It's comforting to know that you've been rooted by some of the best...

You'll be spoofed!!

[eclectro]

It's a collaboration between Slashdot and MIT to finally get adware on Linux machines.

Re:Oh yes!

[Anonymous Coward]

Don't worry, the posted the md5 hashes of the binaries. As long as the match up, you can rest assured you are safe.

Great way to destroy the project

[isaacklinger]

Getting too many connections from slashdotters...?

It's true

[rudy_wayne]

Nearly 5 years ago, the great and all knowing Steve Gibson [grc.com] predicted that the raw sockets in Windows XP would allow packet spoofing that would bring down the internet with unstoppable DOS attacks.

So it must be true.

Re:Oh yes!

[Duds]

It's irrelevent anyway, you're already broadcasting your ip address.

Try tenets, as in a belief

[PitaBred]

He's talking about the tenants of the Internet architecture in his introduction... should I assume he means the electrons, or the switches?

Re:Oh yes!

[muftak]

makes a change from us lot rooting MIT :)

Have they tried . . .

[Orange Crush]

Are the spoofed packets' evil bits set to 1?

I'll download only if:

[psbrogna]

These additional demands are met:
1. a free lollipop.
2. a car ride deep in the forest

In related news....

[Mayhem178]

...the other 20% of spoofable IP addresses are reported to be in the possession of Weird Al Yankovic, who, according to US Attorney General Alberto R. Gonzales, is capable of spoofing damn near anything.

A full-blown investigation is under way to put an end to Weird Al's wild spoofing. Rap legend Coolio has pledged his support in these investigations.

Weird Al was unavailable for comment, but his assistant did pass along his official response, which was, "Mecha lecha hi, Mecha hiny hiny ho."

More at 11.

Unique?

[iminplaya]

Apparently, 80% of the IP addresses measured no longer support spoofing!

Yes, but how many of those are unique IPs?

Spoofing is still a HUGE problem where I am.

[weeboo0104]

I've been checking IP addresses on all the workstations around me and every one of them has 127.0.0.1 entered. I can't believe our internet even works here!

 

wow

[stinky wizzleteats]

Why don't we do something less invasive, like snmpwalk every address on the Internet?

Re:Oh yes!

[Anonymous Coward]

You ARE aware that you can post something intended for TWO audiences? One, that gets the joke, and another - you fit in here - that does not. Technical forums are the best - because someone like you, who thinks they know everything, will come along and "set me straight."

The md5sum of this post is: a1701b65a107c9a92958acdb29e6fdef

Re:Have they tried . . .

[Architect_sasyr]

Not long after Fyodor put out the freebie chapter for how to own a continent, I looked into the process of spoofing a full TCP connection.

I felt it prudent to follow the RFC's and set said evil bit. So now I have a DoS tool with the evil bit...

If spoofing is no longer valid, then someone has a hell of a lot of explaining to do as to why this tool works so well...

Re:Oh yes!

[Pollardito]

this is the part where we find out the hard way that some hackers have bought mlt.edu isn't it?

seriously, a month from now we're going to find out that this was really some sort of security study to determine the true power of the herd mentality on Slashdot

Re:Oh yes!

[Anpheus]

I checked, and that only works if I don't include the md5sum of your post in your post. This is clearly an error on your part. Please run your post through a program until it actually has an md5post within it that represents it.

Got Root?!

[955301]

Blockquoth the poster:

On *nix systems, you must run the spoofer as root (in order to create
the raw socket) with no arguments, e.g.
      # ./spoofer

Ahahahahahahah! You're kidding, right?

In other news

[Anonymous Coward]

A new social engineering experiment has been set up where people are encouraged to download a program which reports back to home with the results to see how many people will idly run any program they are told to. To make it more interesting users are told they must give the program full access to their system (known as "root" in geek terms) for it to work. Results of this experiment will be out tommorow!