I have a machine (server) on which I am running IP spoofing tests. All the ports are open on the server and it is on a VPN Network to which I am connected.

The problem is, when I try to send data to the machine on UDP simply using netcat, it works. I am following this particular solution to send data to the machine: https://gist.github.com/sandeshbhusal/c8fa09546ffc076e5103456dd4e3742d

The spoofing code works well on my local machine; I can see the data being sent and received properly. The code stops working when I try to use it on the server (I am using the code exactly as is).

A couple of questions:

  1. Do I need to change the MAC addresses in the code? If so, what value should they have?
  2. When I run the code from within the server, tcpdump shows the data being sent but netcat can't see the data. What could the reason be?
  • Where is `tcpdump` being run? Does it show the datagrams at the receiving interface (the one `netcat` is listening on)? – kostix Feb 24 '21 at 11:59
  • Hello @kostix, yes. Netcat is being run on port 514 (as you can see in the script). I am running a tcpdump on the eth0 interface and sending the spoofed packets through the same interface. However, tcpdump sees the packets (and can show me the contents) but netcat just stays there, motionless. – Sandesh Bhusal Feb 24 '21 at 12:39
  • The default for most network configurations is to drop invalid packets with reverse path filtering. Your server probably does this by default, and I would be surprised if the VPN allowed the packets through at all. – JimB Feb 24 '21 at 14:45
  • Hello @JimB, I thought the reverse path filtering applied to TCP to eliminate large synchronization timeouts in case of DoS Attacks. Do they work with UDP as well? – Sandesh Bhusal Feb 25 '21 at 01:14
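A way to check the reverse path filtering mentioned in the comments, as an added example that is not part of the original thread: on Linux, `rp_filter` validates the source address of every incoming IPv4 packet at the IP layer, whatever the transport protocol, and the check runs after the point where `tcpdump` captures. The script reports the effective mode per interface; the `PROC_ROOT` argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective reverse path filter mode per interface.
# The optional PROC_ROOT argument is an assumption of this example so the logic
# can be exercised against a constructed directory tree; on a live Linux host
# the default /proc/sys/net/ipv4/conf is used.

# read_knob DIR NAME -> prints the integer in DIR/NAME, or 0 if it cannot be read
read_knob() {
    cat "$1/$2" 2>/dev/null || echo 0
}

# rp_effective ALL IFACE -> the kernel validates with max(conf/all, conf/<iface>)
rp_effective() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# rp_mode_name N -> meaning of an rp_filter value
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # reply route must use the receiving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# rp_report [PROC_ROOT] -> one line per interface: "<iface> <mode> martians=<0|1>"
rp_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all_rp=$(read_knob "$root/all" rp_filter)
    all_lm=$(read_knob "$root/all" log_martians)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(rp_effective "$all_rp" "$(read_knob "$dir" rp_filter)")
        # log_martians is on if either conf/all or conf/<iface> enables it
        lm=$(rp_effective "$all_lm" "$(read_knob "$dir" log_martians)")
        echo "$iface $(rp_mode_name "$eff") martians=$lm"
    done
}

# On a Linux host this prints the live settings; elsewhere it prints nothing.
rp_report
```

An interface reported as `strict` or `loose` drops packets whose source address fails the route check before any socket sees them; with `martians=1` those drops are written to the kernel log.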

0 Answers