spoofing a wireless router's IP address

Sac Arrow

Touchdown! Greaser!
PoA Supporter
Joined
May 11, 2010
Messages
20,643
Location
Charlotte, NC
Display Name

Display name:
Snorting his way across the USA
I have a need to make my Iphone not look like it's in Southeast Asia. I'm aware of the Cydia apps for jailbroken phones but those only work for 3G and I don't want to either jailbreak my phone or use 3G.

I -think- if I can spoof my wireless router's public address that should solve the issue for me, at least at home where the router is. Anybody know how that might be done?
 
You can't change your outside IP address. You need to find a proxy.
 
Spoofing is possible, not likely an easy thing to do with a router. and a semi-successful spoof can bring a network to it's knees. Setup a proxy (and a dynamic DNS if need be) on your home computer and route through it. You can also setup a VPN network (or dial into one). This would have the "spoof effect"
 
Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.

A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".
 
Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.

Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.

A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".

Or an http proxy.
 
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.

I've spoofed local IPs on an LAN/WAN before, never on the innarwebz. I imagine if one were good with hacker skillz and routing tables one might be able to do it.

Or an http proxy.

as long as your only concern is http.
 
Last edited:
I've spoofed local IPs on an LAN/WAN before, never on the innarwebz. I imagine if one were good with hacker skillz and routing tables one might be able to do it. ...

The routing tables are propagated with the BGP protocol from routers that only ISPs and upstream providers can update and they have authentication on updates to further ruin the fun.

It's like saying you can hang a sign changing the street address on your house to 1 Madison Avenue, NY, NY. You won't be getting mail at that address.
 
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.
Most likely meaning that they drop requests that have a source address that shouldn't be there. That way your request never even makes it out.

Obviously you wouldn't be getting the response without some pretty talented trickery. But if you can get a packet out - without even worrying about the response - you can raise some hell.
 
I've yet to try it on the Internet, but in theory one could use the IPv4 header "loose source route" (LSR) option to possibly accomplish the desired goal. First, one must set the IPv4 source address to whatever IPv4 address you want to appear to be coming from, then insert the IPv4 loose source route option into the IPv4 options such that at least one of the IP addresses in the route contains your real IPv4 address. Then, so long as your host knows how to intercept the return packets (because your machine doesn't appear as the destination host, just as a router,) your packets can appear to be coming from somewhere else.

All of the above requires a bunch of special software (I write IPv4 and IPv6 stack testing software that does that sort of thing.) It also assumes the target stack responds by inserting the loose source route option into the return packet with the source route reversed. Some stacks do this, some don't, and some it is configurable.

Some firewalls screen out IPv4 packets containing the LSR option. So given all the above, probably not feasible.

Anyway, for what it is worth, that is the one IPv4 source address "spoofing" technique I know of that in theory allows full bidirectional communications with no need to hack into routing tables.
 
The routing tables are propagated with the BGP protocol from routers that only ISPs and upstream providers can update and they have authentication on updates to further ruin the fun.

It's like saying you can hang a sign changing the street address on your house to 1 Madison Avenue, NY, NY. You won't be getting mail at that address.

If you knock the mail man out and take his truck you might :D
 
A web proxy won't work for me because it isn't web acess that's the problem, it's certain apps that require Internet access.

If there isn't a canned, simple solution I won't worry about it because it isn't important enough. I do, however, have access to a work VPN. I'll play around with that. Not sure if I can route Intenet traffic through it.
 
Spoofing is possible, not likely an easy thing to do with a router. and a semi-successful spoof can bring a network to it's knees. Setup a proxy (and a dynamic DNS if need be) on your home computer and route through it. You can also setup a VPN network (or dial into one). This would have the "spoof effect"

Yeah, most ISPs filter out spoofed addresses. Since the early 90s really.

A VPN is the answer if you need to legitimately look like you're coming from "somewhere else".

WE HAVE A WINNER!!!!!!!!!!!!

I just applied the VPN settings from my work laptop and plugged them into my Iphone and voi la! Working like magic!

Thanks!
 
WE HAVE A WINNER!!!!!!!!!!!!

I just applied the VPN settings from my work laptop and plugged them into my Iphone and voi la! Working like magic!

Thanks!


Hmph. Your workplace VPN allows for mobile VPN connections? Or are you going to try to stay on one network while connected?
 
Hmph. Your workplace VPN allows for mobile VPN connections? Or are you going to try to stay on one network while connected?

Yes, we have that capability. I haven't tried it over the 3G network but I'm only using wireless networks anyway with my US phone unless it's a crisis, due to the data charges. But yes I have to stay on one network while connected obviously.
 
But yes I have to stay on one network while connected obviously.

Ah, OK, that is a more traditional VPN. Mobile VPNs allow for "seamless" transition between end-user networks while connected i.e. wireless carrier networks or jumping between wireless access points.

Here's hoping your mobile device is authorized on your company's network :)
 
Ah, OK, that is a more traditional VPN. Mobile VPNs allow for "seamless" transition between end-user networks while connected i.e. wireless carrier networks or jumping between wireless access points.

Here's hoping your mobile device is authorized on your company's network :)

Given that I have final say in the matter, I would say yes.
 
Ummm "filter it out" meaning that whaever address you make up has to reachable...Ummm OK. There are routing tables that tell the world how to get to you. You don't get to make you own entries.

Aww, I'm so old I remember when you could inject your own ASN into your upstream's routers and they wouldn't care. :)

Or an http proxy.

If all you want to do is http... or tunnel everything over http.

80% of my laptop's traffic is ssh. :)
 
Back
Top