Faking an IP address

I have a few redirects setup to fake my referrer, but I was wondering if there is any way to fake an ip address? I'm pretty sure the address is attached to a packet on layer 1 (just before the packet leaves your modem) so I'm guessing you can't. Just thought I'd ask to be sure. Thanks!

Yeah i don't think you can, by the very nature of TCP/IP which HTTP uses

No you cannot do it easily.

You can easily do it if communication is restricted to a ringed network or even plain old wifi, at which point you are deceiving the router.

However on the internet, it is your router and/or modem that have to deceive. If you have the all the need information about your ISP you could mod your modem, but that is not easy.

This can be done with some custom programming . . . we do it now for some guys in the PPC arb biz.

Don't like to correct you Monster, but that's definitely not possible.

The technique to change an IP address to any other address is called spoofing.
grodt was correct, the TCP protocol which is used for http/https can not be spoofed due to the three-way-handshake every new connection has to make to become established.

So even if you change the IP, you can not make a valid connection. It would be blocked at kernel level in the so called tcp/ip-stack (and many routers do not even allow spoofed packets to leave the local network)

No you cant do this, lets say you do modify the headers at layer 3 and change the source ip address.. the receiving device will receive the packet and then send the data back using the destination ip of the originiating packet, in this case an ip that isnt yours.

There are ways to spoof your ip address using proxy servers obviously, but just plain out modifying your source ip address isnt going to work.

Does anyone know if at&t home and business dsl lines will pull from different pools of ip addresses? or could conflict?

i have 2 posters trying to set up lines with at&t without using the same ips

i don't know where to even post this question--i've looked all over the forum for proxy information, nothing related to my question:

how do you "mask" your downloads? do most people use proxies? and what about programs/applications that require pinging to detect identity? don't some authors require authentication of some sort before proceeding with their programs?

in orther words, how EXACTLY is everyone pulling this off without detection?

if i am in the wrong department, please lead me to the promised land.....

Only using UDP can you "spoof" an IP. TCP/IP doesn't allow spoofing cause the negotiation process using the protocols (Ftp, http, https, etc.) all require a handshake.

Consider UDP to be somebody screaming out in the middle of your neighborhood "Anybody want to go to a Party? Go to SharePro's house..."

Nobody actually knocks on your front door - rather all they do is use a bull horn to announce a party. That is UDP, and that is the reason it can be spoofed.

However, TCP/IP cannot be spoofed specifically because the negotiation is different. It's almost like somebody showing up at your front door - knocking on your door - and identifying himself before you open the door. Before you open the door, the visitor is recognized, hence his/her IP is revealed.

The only way to get around this is proxys.

ramenraider said:

I have a few redirects setup to fake my referrer, but I was wondering if there is any way to fake an ip address? I'm pretty sure the address is attached to a packet on layer 1 (just before the packet leaves your modem) so I'm guessing you can't. Just thought I'd ask to be sure. Thanks!

Click to expand...

If you are on a DOCSIS cable network you can mod your modem and re-route your traffic to a different regional node (not sure how to properly call them), allowing you to register as a different IP on the ISP's internal network, majority of people use it to get better/faster service packages from their providers, but it can be used for many things... lately there been lots of new developments on the community, especially with the SB5100 custom firmware, unfortunately more and more service providers upgrade to DOCSIS 3.0 that fixes a lot of those "holes" but I'm sure there will be a work around for those limitations too.

If you're interested in learning how to mod your modem and get more knowledge of the cable network, you can visit
hxxp://www.sbhacker.net/
hxxp://www.theoryshare.com/

I should note that its not sufficient to get a MAC addr that doesn't appear on your node, you also need to have the matching certificate for BPI auth and this can take some effort to get and it will require you to manually flash it onto the modems flash... ultimately if you manage to get it working it can provide you with around 9 different IP's daily and unlimited speed / bandwidth from your ISP, just change the MAC and your good as new.

Hope it helps somebody.

lol @ this thread, ip spoofing has been around for years but it takes a bit more than people realize, you can spoof but it relies on a lot of technical knowledge and advanced concepts like working with the stack to see if it has predictable frame identifiers etc.

to make it easier you can have relays on the spoofed ip's or such techniques as MITM.

so considering you are asking the question.. no you cant!

there is no scriptkiddie ip spoofing software that works to the best of my knowledge. If you are super keen for some reason, get a *nix based router with modifiable firmware and get reading about the tcp/ip stack

linkme said:

lol @ this thread, ip spoofing has been around for years but it takes a bit more than people realize, you can spoof but it relies on a lot of technical knowledge and advanced concepts like working with the stack to see if it has predictable frame identifiers etc.

to make it easier you can have relays on the spoofed ip's or such techniques as MITM.

so considering you are asking the question.. no you cant!

there is no scriptkiddie ip spoofing software that works to the best of my knowledge. If you are super keen for some reason, get a *nix based router with modifiable firmware and get reading about the tcp/ip stack

Click to expand...

In short, TCP/IP cannot be spoofed. Only UDP. Theoretically, p2p using udp protocol would be great for spoofing IP's cause nobody would know the origin of the files. It's like calling out (broadcasting) for a file on a bullhorn and servers reply with the file - yet using UDP - can spoof their origin. That's a great example of spoofing.

But again, TCP/IP is not possible. Changing your modem or mac address does not change your IP address. Your ISP gives you the IP network address. It's external, not internal.

I should note that its not sufficient to get a MAC addr that doesn't appear on your node, you also need to have the matching certificate for BPI auth and this can take some effort to get and it will require you to manually flash it onto the modems flash... ultimately if you manage to get it working it can provide you with around 9 different IP's daily and unlimited speed / bandwidth from your ISP, just change the MAC and your good as new.

Click to expand...

Okay, this is f'n retarded. Why did you waste your time writing such bullshit?

An ISP is like a apartment building address and your IP address is just a specific apartment within the apartment building. The router of the ISP is the mailman. You cant spoof the physical buildings address. All packets come to the ISP's router. The ISP is a network that distributes to you your IP address. You dont tell the ISP what IP you want. The radius server and dhcp/static configuration of the router is what defines your IP.

Maximum you can play games with your own physical mailbox and make other tennants in the building think your address "1a" when your actually apartment "1b". That is where playing with Mac addresses can fit in. You can be in a office using a windows machine and if you clone your mac address, you can "steal" packets. In other words, steal packets intended for a different computer. Playing with Mac addresses is only good for hacking on a private network, not a public world wide web network.

Stealing internet access via wireless pops, or sniffing networks, etc., is not to be confused with spoofing. Spoofing is making the destination think your source IP is something other than it really is.

A good example of spoofing an IP address is so that you can upload music in Europe but make the RIAA think that the uploading/downloading is actually happening from the MPAA's or US Gov servers. That is total anonymity.

Problem is that TCP/IP doesn't support it. Only UDP. But seriously - don't mislead readers with bullshit cause they read to learn. Unless you've got the experience, it's best to ask questions instead of write a bunch of misleading info.

SharePro said:

You dont tell the ISP what IP you want. The radius server and dhcp/static configuration of the router is what defines your IP.

Click to expand...

As I noted above, I was talking about Cable internet providers, running the DOCSIS standard. Those networks use CMTS which is similar to DSLAM (RAS Server) divided into geographical areas where the cable network is spread.
The whole concept behind uncapping is registering with a MAC address that doesn't appear on your local CMTS allowing to gain access to the internet.
Unlike DSL, Cable networks use MPLS mechanism to route their traffic, due to fast performance and lower overhead compared to ATM's mechanism used by most of the DSL providers.
The major flaw of MPLS is that you don't have as much visibility over the data for traffic management, and this where modded modems comes to play.

SharePro said:

Stealing internet access via wireless pops, or sniffing networks, etc., is not to be confused with spoofing. Spoofing is making the destination think your source IP is something other than it really is.

Click to expand...

For the majority of cable internet users you don't have the ability to get a new IP if you want to because the CMTS negotiates directly with the DHCP to assign a valid IP from the IP Pool (There are different dhcp servers depending on the diversity of ISPs available to a given cable network) by using your modems MAC address (The ISP's RADIUS server updates the CMTS's regularly with valid MAC addresses and their respective packages, also known as cable modem configuration files).

In short, after the Cable modem send the dhcp discovery packet, the cmts passes it through to all the dhcp servers (much like different ISPs on a given cable network, although its inaccurate) available, but only the one who has the modems MAC address (sent in the CHADDR field of the dhcp offer packet) responds with a correct dcp offer, resulting in dhcp ack, the final phase of the registration.
The RADIUS servers in this case, are used to make sure that there is no duplicates of MAC address, and making roaming a lot easier.

Again, its not like sending a packet from IP X.X.X.X as a packet from X.X.X.Y rather than making you appear as somebody's else CPE, but its a great way to achieve what the OP has asked to do with the referrals.

Think of it as of masquerading yourself as your neighbor. Most of ISPs provide up to 9 CPEs per MAC address, meaning you can get up to 8 different IPs registered under somebody else name without kicking him off the network.

wow.

what did i unleash?

i heartily apologize to all who provided an extremely detailed description. let me rephrase my question, because i think i've led people astray:

there is a "download" category on this forum. how are people taking advantage of all these "downloads" without their IP address being tracked as the recipient of these "downloads" (that just happened to fall off the back of the truck, if you know what i mean....)????

in addition, many products usually have some kind of verification to "call back home" after you have downloaded. obviously, if i got mine from the back of the truck, how do i get around this?

i'm sure this is basic stuff that someone, somewhere on this forum has already answered (a sticky, perhaps)....i just can't find it.

Can anyone help me?

outlook said:

wow.

what did i unleash?

i heartily apologize to all who provided an extremely detailed description. let me rephrase my question, because i think i've led people astray:

there is a "download" category on this forum. how are people taking advantage of all these "downloads" without their IP address being tracked as the recipient of these "downloads" (that just happened to fall off the back of the truck, if you know what i mean....)????

in addition, many products usually have some kind of verification to "call back home" after you have downloaded. obviously, if i got mine from the back of the truck, how do i get around this?

i'm sure this is basic stuff that someone, somewhere on this forum has already answered (a sticky, perhaps)....i just can't find it.

Can anyone help me?

Click to expand...

Lets seperate the question. If its a case of web access, then the answer is simple. PROXYS. Use this --> http://www.torproject.org/

However, if its a case of applicational software that doesn't necessarily require a web browser, yet automatically "calls home", then your going to need to learn how to edit the C:\windows\system32\drivers\etc\hosts file. Takes 2 minutes to learn.

http://kickenhardware.net/forum/showthread.php?t=3006
http://www.accs-net.com/hosts/how_to_use_hosts.html

Cheers,
SharePro

alrighty then!!

thank you, share.

btw, you've got the makings of a good business idea. a website gallery of famous people made to look like other unlikely famous people. george is a hoot. you could do a riff on the folks in government, for starters. then head to the entertainment world. then to the sports world (tiger as......never mind......). no telling where you could end up.

i'd visit.

might go viral. $$$$. (how many times--although he was damn cute--can you watch a kitty do "soooo big")

I don't think you can.. but I guess since you're asking this you aren't interested in proxies?