[p2p-hackers] Spoofing source address to tunnel through
address-restricted/symmetric NAT
Matthew Kaufman
matthew at matthew.at
Mon Jun 20 15:40:10 UTC 2005
In the general case this won't work, because odds are (extremely) high that
the ISP the "other clients" are attached to is doing filtering that won't
allow their spoofed-source UDP packets to reach the destination.
This has been a "best practice" for ISPs for years now (see the NANOG
archives to find out just how many years), so is nearly universally
deployed, especially on consumer broadband networks (and university
networks) where the potential for abuse is highest.
Actually trying this is easy if you can generate raw IP datagrams (requires
root on a Unix machine (including MacOS X), can't be done without driver
work on older Windows, is easy on XP, is limited in what you can generate on
XP SP2)... After all, the IP and UDP header just isn't that complicated to
synthesize.
You would, of course, also need a UDP-based transport protocol that you
could modify to work this way and which wasn't dependent on the source
address for demultiplexing who it was talking to... after all, everyone who
makes it through their ISP's filters will have the same source address, and
that's typically how you figure out "who this packet came from". The amicima
MFP protocol (which we hope to release in just a few more weeks in
open-source form) would work, since it doesn't rely on the source address to
demultiplex incoming datagrams to the associated sessions as a side effect
of its IP address mobility capability.
Matthew Kaufman
matthew at matthew.at
www.amicima.com
More information about the P2p-hackers
mailing list