UDP packet spoofed LAN source address?
Robert Bonomi
bonomi at mail.r-bonomi.com
Sun Oct 17 17:20:30 UTC 2010
> From owner-freebsd-questions at freebsd.org Sun Oct 17 00:26:19 2010
> Date: Sat, 16 Oct 2010 21:56:52 -0700
> From: Nerius Landys <nlandys at gmail.com>
> To: FreeBSD Mailing List <freebsd-questions at freebsd.org>
> Subject: UDP packet spoofed LAN source address?
>
> This is really more of a networking question.
> I'm wondering, in a typical scenario, for example my server is in a data
> center with a typical colocation company.
>
> I am editing someone else's code, and this code handles incoming UDP
> packets. The code handles UDP packets that have a source address being from
> the LAN differently. It gives those packets special treatment. To check
> whether a source address is a LAN address, it does the typical checks for
> 10.0.0.0, 172.16.0.0, 192.168.0.0, 127.0.0.0, and it also checks every
> assigned IP address with netmask to see if the source address on the UDP
> packet came from that network.
>
> My question is - how possible (in these typical environments) is it to send
> a UDP packet from far away that claims to have a source address being a LAN
> address?
*VERY* possible. In fact -trivially- easy.
Note: it's trivial to do with TCP packets as well. However, those are usually
less worrisome because the connection set-up 'handshake' fails.
> Will such a packet typically make it to my server, or will a
> router along the way stop it from arriving?
Almost invariably, it -will- reach your network, *unless* YOU do 'ingress
filtering' at your border to block it. Doing such ingress filtering is
a GOOD IDEA(tm). Also strongly recommended: 'egress filtering' to trap
anything that tries to exit with an RFC-1918 source address, or a source
address that is -not- part of your assigned netblock.
to your network.
> Maybe, is there a simple 10 line C program that I can run and compile to
> check if this scenario is possible on _my_ server?
'netcat' has the capability built in.
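The ingress and egress filtering recommended in the reply, written out as a pf.conf fragment for a FreeBSD border host. This is an added example, not part of the original thread; the interface name `em0` and the netblock `203.0.113.0/24` are assumptions and must be replaced with the site's own values.

```pf
# Added example (not from the thread): anti-spoofing rules for a FreeBSD border.
ext_if = "em0"                 # assumed upstream-facing interface
my_net = "203.0.113.0/24"      # assumed netblock assigned to this site (documentation range)

# Sources that must never arrive from the outside: RFC 1918 private space and loopback.
# An application-level "is this a LAN address?" check cannot distinguish these
# from genuine LAN traffic, so they have to be dropped at the border.
table <bogon_src> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 }

set skip on lo0
scrub in all

# Ingress filtering: inbound packets on the external interface claiming a private,
# loopback, or locally assigned source address are spoofed by definition.
block in log quick on $ext_if from <bogon_src> to any
block in log quick on $ext_if from $my_net to any

# Egress filtering: nothing leaves with a private source, or with a source that is
# not part of our own netblock, so this site cannot be used to spoof others.
block out log quick on $ext_if from <bogon_src> to any
block out log quick on $ext_if from ! $my_net to any

# Default policy is site-specific; these are permissive placeholders.
pass in on $ext_if proto { tcp, udp } from any to $my_net keep state
pass out on $ext_if from $my_net to any keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; the `log` keyword sends matches to `pflog0`, where `tcpdump -n -e -ttt -i pflog0` shows any spoofed packets that are being dropped.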