@scramblr
Last active June 7, 2024 13:01
Testing for IPHM (IP Header Modification) AKA IP Spoofing WITHOUT CAIDA
------------------[ Requirements to test for IP Spoofing ]------------------
1.) A throw-away server that simply needs to run tcpdump.
2.) A server that you suspect/hope can IP spoof, i.e. has IPHM (IP Header Modification) turned on.
On both servers we'll be running:
apt-get update
apt-get install net-tools bind9-dnsutils inetutils-tools tcpdump graphviz python3-scapy -y
apt-get install python3-scapy -y
- OR -
yum update
yum install tcpdump net-tools bind-utils python-pip -y
easy_install pip # don't worry if this one doesn't work.
pip install scapy
------------------[ END REQUIREMENTS. ]------------------
------------------[ Commands to run on each server to test for IP Spoofing ]------------------
You will be opening two terminals, side by side. One for SERVER ONE, and one for SERVER TWO.
====[ SERVER ONE ]====
You will run, as root:
tcpdump -i eth0 -nnv icmp -c 5000
====[ SERVER TWO ]====
You will run, as root:
server# scapy
After scapy loads, go to the bottom of the snippet below and replace YOUR_SERVER_HERE with the IP address of SERVER ONE.
After that's complete, paste this into scapy:
-------------[ PASTE TEXT BELOW INTO SCAPY ON SPOOF SERVER ]-------------
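import random

# Unused helper: the send() call below uses scapy's built-in RandIP() instead.
def randomIP():
    ip = ".".join(map(str, (random.randint(0, 255) for _ in range(4))))
    return ip

# Send 5000 ICMP echo requests with randomized source addresses (RandIP) to SERVER ONE.
send(IP(src=RandIP(),dst="YOUR_SERVER_HERE")/ICMP()/"SPOOFTESTICMP",count=5000)
quit()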
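
Reading the capture on SERVER ONE, as an added example that is not part of the original gist: the script below parses `tcpdump -nnv icmp` text output and reports whether test probes arrived with a source address other than SERVER TWO's real one, which only happens when the sending network does no source-address (egress) filtering. The addresses, the sample capture and the `summarize` helper are constructed for illustration; probes are recognised by their ICMP length of 21 bytes (8-byte header plus the 13-byte SPOOFTESTICMP payload).

```python
import re

# Second line of each packet in `tcpdump -nnv icmp` text output.
PKT = re.compile(
    r"^\s+(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo request, id \d+, seq \d+, length (\d+)"
)
# ICMP header (8 bytes) plus the 13-byte "SPOOFTESTICMP" payload.
TEST_ICMP_LEN = 8 + len("SPOOFTESTICMP")

# Constructed sample capture (documentation addresses, not real output).
SAMPLE = """\
12:00:00.000001 IP (tos 0x0, ttl 52, id 1, offset 0, flags [none], proto ICMP (1), length 41)
    203.0.113.7 > 198.51.100.10: ICMP echo request, id 0, seq 0, length 21
12:00:00.000050 IP (tos 0x0, ttl 64, id 4242, offset 0, flags [none], proto ICMP (1), length 41)
    198.51.100.10 > 203.0.113.7: ICMP echo reply, id 0, seq 0, length 21
12:00:00.000101 IP (tos 0x0, ttl 52, id 1, offset 0, flags [none], proto ICMP (1), length 41)
    192.0.2.99 > 198.51.100.10: ICMP echo request, id 0, seq 0, length 21
12:00:00.000200 IP (tos 0x0, ttl 55, id 777, offset 0, flags [DF], proto ICMP (1), length 84)
    192.0.2.200 > 198.51.100.10: ICMP echo request, id 9, seq 1, length 64
"""


def summarize(capture_text, server_one_ip, server_two_ip):
    """Count test probes and how many distinct sources differ from SERVER TWO."""
    total = 0
    foreign_sources = set()
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # header lines, echo replies, other ICMP types
        src, dst, length = m.group(1), m.group(2), int(m.group(3))
        if dst != server_one_ip or length != TEST_ICMP_LEN:
            continue  # unrelated pings, e.g. a normal 64-byte ping
        total += 1
        if src != server_two_ip:
            foreign_sources.add(src)
    return {
        "probes": total,
        "foreign_sources": len(foreign_sources),
        "spoofed_packets_delivered": bool(foreign_sources),
    }


if __name__ == "__main__":
    # Assumed addresses: SERVER ONE = 198.51.100.10, SERVER TWO = 192.0.2.50
    print(summarize(SAMPLE, "198.51.100.10", "192.0.2.50"))
```

If `probes` is 0, or every probe carries SERVER TWO's own address, the packets with modified headers were dropped or rewritten before reaching SERVER ONE.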