UDP packet spoofed LAN source address?

Robert Bonomi bonomi at mail.r-bonomi.com
Sun Oct 17 17:20:30 UTC 2010


> From owner-freebsd-questions at freebsd.org  Sun Oct 17 00:26:19 2010
> Date: Sat, 16 Oct 2010 21:56:52 -0700
> From: Nerius Landys <nlandys at gmail.com>
> To: FreeBSD Mailing List <freebsd-questions at freebsd.org>
> Subject: UDP packet spoofed LAN source address?
>
> This is really more of a networking question.
> I'm wondering, in a typical scenario, for example my server is in a data
> center with a typical colocation company.
>
> I am editing someone else's code, and this code handles incoming UDP
> packets.  The code handles UDP packets that have a source address being from
> the LAN differently.  It gives those packets special treatment.  To check
> whether a source address is a LAN address, it does the typical checks for
> 10.0.0.0, 172.16.0.0, 192.168.0.0, 127.0.0.0, and it also checks every
> assinged IP address with netmask to see if the source address on the UDP
> packet came from that network.
>
> My question is - how possible (in these typical environments) is it to send
> a UDP packet from far away that claims to have a source address being a LAN
> address?

*VERY* possible.  in fact -trivially- easy.

Note: its trivial to do with TCP packets as well.  however those are usually 
less worrisime because the connection set-up 'handshake' fails.

>          Will such a packet typically make it to my server, or will a
> router along the way stop it from arriving?

Almost invariably, it -will- reach your network, *unless8 YOU do 'ingess 
filtering' at your border to block it.  Doing such ingress filtering is 
a GOOD IDEA(tm), Also  strongly recommended: 'egress filtering' to trap 
anything that tries to exit with an RFC-1918 source address, or a source 
address that is -not- part of your assined netblock.
to your netork.


> Maybe, is there a simple 10 line C program that I can run and compile to
> check if this scenario is possible on _my_ server?

'netcat' has the capability built in.



More information about the freebsd-questions mailing list