spoofing a wireless router's IP address

Sac Arrow

Sac Arrow

Touchdown! Greaser!
Joined
May 11, 2010
Messages
20,345
Location
Charlotte, NC
Display Name
Display name:
Snorting his way across the USA
I have a need to make my Iphone not look like it's in Southeast Asia. I'm aware of the Cydia apps for jailbroken phones but those only work for 3G and I don't want to either jailbreak my phone or use 3G.

I -think- if I can spoof my wireless router's public address that should solve the issue for me, at least at home where the router is. Anybody know how that might be done?
 
You can't change your outside IP address. You need to find a proxy.
 
Spoofing is possible, not likely an easy thing to do with a router. and a semi-successful spoof can bring a network to it's knees. Setup a proxy (and a dynamic DNS if need be) on your home computer and route through it. You can also setup a VPN network (or dial into one). This would have the "spoof effect"
 
Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.

A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".
 
denverpilot said:
Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.
Click to expand...

Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.

denverpilot said:
A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".
Click to expand...

Or an http proxy.
 
mikea said:
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.
Click to expand...

I've spoofed local IPs on an LAN/WAN before, never on the innarwebz. I imagine if one were good with hacker skillz and routing tables one might be able to do it.

Or an http proxy.
Click to expand...

as long as your only concern is http.
 
Last edited:
bartmc said:
I've spoofed local IPs on an LAN/WAN before, never on the innarwebz. I imagine if one were good with hacker skillz and routing tables one might be able to do it. ...
Click to expand...

The routing tables are propagated with the BGP protocol from routers that only ISPs and upstream providers can update and they have authentication on updates to further ruin the fun.

It's like saying you can hang a sign changing the street address on your house to 1 Madison Avenue, NY, NY. You won't be getting mail at that address.
 
mikea said:
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.
Click to expand...
Most likely meaning that they drop requests that have a source address that shouldn't be there. That way your request never even makes it out.

Obviously you wouldn't be getting the response without some pretty talented trickery. But if you can get a packet out - without even worrying about the response - you can raise some hell.
 
I've yet to try it on the Internet, but in theory one could use the IPv4 header "loose source route" (LSR) option to possibly accomplish the desired goal. First, one must set the IPv4 source address to whatever IPv4 address you want to appear to be coming from, then insert the IPv4 loose source route option into the IPv4 options such that at least one of the IP addresses in the route contains your real IPv4 address. Then, so long as your host knows how to intercept the return packets (because your machine doesn't appear as the destination host, just as a router,) your packets can appear to be coming from somewhere else.

All of the above requires a bunch of special software (I write IPv4 and IPv6 stack testing software that does that sort of thing.) It also assumes the target stack responds by inserting the loose source route option into the return packet with the source route reversed. Some stacks do this, some don't, and some it is configurable.

Some firewalls screen out IPv4 packets containing the LSR option. So given all the above, probably not feasible.

Anyway, for what it is worth, that is the one IPv4 source address "spoofing" technique I know of that in theory allows full bidirectional communications with no need to hack into routing tables.
 
mikea said:
The routing tables are propagated with the BGP protocol from routers that only ISPs and upstream providers can update and they have authentication on updates to further ruin the fun.

It's like saying you can hang a sign changing the street address on your house to 1 Madison Avenue, NY, NY. You won't be getting mail at that address.
Click to expand...

If you knock the mail man out and take his truck you might :D
 
A web proxy won't work for me because it isn't web acess that's the problem, it's certain apps that require Internet access.

If there isn't a canned, simple solution I won't worry about it because it isn't important enough. I do, however, have access to a work VPN. I'll play around with that. Not sure if I can route Intenet traffic through it.
 
bartmc said:
Spoofing is possible, not likely an easy thing to do with a router. and a semi-successful spoof can bring a network to it's knees. Setup a proxy (and a dynamic DNS if need be) on your home computer and route through it. You can also setup a VPN network (or dial into one). This would have the "spoof effect"
Click to expand...

denverpilot said:
Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.

A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".
Click to expand...

WE HAVE A WINNER!!!!!!!!!!!!

I just applied the VPN settings from my work laptop and plugged them into my Iphone and voi la! Working like magic!

Thanks!
 
Sac Arrow said:
WE HAVE A WINNER!!!!!!!!!!!!

I just applied the VPN settings from my work laptop and plugged them into my Iphone and voi la! Working like magic!

Thanks!
Click to expand...


Hmph. Your workplace VPN allows for mobile VPN connections? Or are you going to try to stay on one network while connected?
 
alaskaflyer said:
Hmph. Your workplace VPN allows for mobile VPN connections? Or are you going to try to stay on one network while connected?
Click to expand...

Yes, we have that capability. I haven't tried it over the 3G network but I'm only using wireless networks anyway with my US phone unless it's a crisis, due to the data charges. But yes I have to stay on one network while connected obviously.
 
Sac Arrow said:
But yes I have to stay on one network while connected obviously.
Click to expand...

Ah, OK, that is a more traditional VPN. Mobile VPNs allow for "seamless" transition between end-user networks while connected i.e. wireless carrier networks or jumping between wireless access points.

Here's hoping your mobile device is authorized on your company's network :)
 
alaskaflyer said:
Ah, OK, that is a more traditional VPN. Mobile VPNs allow for "seamless" transition between end-user networks while connected i.e. wireless carrier networks or jumping between wireless access points.

Here's hoping your mobile device is authorized on your company's network :)
Click to expand...

Given that I have final say in the matter, I would say yes.
 
mikea said:
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.
Click to expand...

Aww, I'm so old I remember when you could inject your own ASN into your upstream's routers and they wouldn't care. :)

mikea said:
Or an http proxy.
Click to expand...

If all you want to do is http... or tunnel everything over http.

80% of my laptop's traffic is ssh. :)
 
You must log in or register to reply here.
Back
Top