Lib.rs

Network programming
#ipv4 #udp #tcp-udp #tcp #api-bindings

ip-spoofing

Library to send fake IPv4 headers & UDP/TCP-SYN packets to perform L3/L4 attacks

Owned by StackOverflowExcept1on.

1 unstable release

0.1.0 Jan 31, 2023

#46 in #ipv4

MIT license

11KB
177 lines

ip-spoofing

Build Status Latest Version Documentation

asciicast

Library to send fake IPv4 headers & UDP/TCP-SYN packets to perform L3/L4 attacks

In short, this library allows you to spoof your IP address on the network. For a better understanding, it is recommended to read the article from cloudflare: The real cause of large DDoS - IP Spoofing

It can be done on the L3 (network layer) of the OSI model

Today, not all ISPs check the integrity of IPv4 headers. Therefore, in a real network, there are 2 options for spoofing IP addresses:

  1. network level IP spoofing

    e.g. you have a server with the address 195.174.232.102, and the provider owns the IP range 195.174.224.0 - 195.174.239.255, this means that you can use any address from the range

  2. unlimited IP spoofing

    this allows you to spoof any ip address, you can pretend you own the address 8.8.8.8 (Google Public DNS)

The only limitation of spoofing is that you can send packets, but you cannot receive a response from the server.

You can check if this library works on your local network. To attack real networks, you need a specific provider that allows one of 2 spoofing options.

Code samples

You can see other code samples in the examples/ directory.

use ip_spoofing::{self, RawSocket, ReusablePacketWriter};

/// This example shows how to generate fake UDP packet
/// that delivers `b"hey"` bytes from "8.8.8.8:1234" to "127.0.0.1:5678".
///
/// I.e. the attacker changes its IPv4 address to 8.8.8.8 (Google Public DNS)
fn main() -> ip_spoofing::Result<()> {
    let socket = RawSocket::new()?;
    let mut writer = ReusablePacketWriter::new();

    socket.send_fake_udp_packet(
        &mut writer,
        [8, 8, 8, 8],   //source IPv4 address
        1234,           //source port
        [127, 0, 0, 1], //destination IPv4 address
        5678,           //destination port
        b"hey",         //data
        64,             //TTL on most Linux machines is 64
    )?;

    Ok(())
}

Dependencies

~5MB
~105K SLoC