weblog d’un abbe


Spoofing on Internet

Filed under: Experiences — Tags: , , — abbe @ 0123

Although it seems like dream to be able to successfully spoof on Internet in 21st century, but I realized this dream, yesterday. Thanks to the cheapest cyber café operator Tata Communications pretending to be an ISP. :)

I’ve a GNU/Linux box connected to the internet, via 2 ADSL internet connections from 2 cyber café operators, namely Airtel Broadband (not cheap), and Tata Communications (cheapest). Airtel Broadband connection is connected to my GNU/Linux box at eth1 interface, and Tata Communications connection is connected to eth2 interface. eth1 is assigned a RFC1918 IPv4 address, whereas eth2 is assigned a static and globally routable IPv4 address. Using eth2‘s address, I’ve setup a 6to4 tunnel, with interface name sit0 for my IPv6 internet addiction.

Now, yesterday I wasn’t able to ping google.com via eth2, though I recieved no ICMP errors from gateway. So I switched my default gateway to eth1. And after this, I’m able to ping google.com :). I thought I should also try ping6 ipv6.google.com though I’m sure that it won’t work, since sit0‘s source address is based on eth2‘s address, which is different from the current default gateway interface’s address, eth1. But to my surprise, it worked. I’m getting ICMP echo replies from ipv6.google.com :).

To confirm further, I tried curl http://ipv6.whatismyipv6.net/ |fgrep 'Your IP is' and I received sit0‘s IPv6 address as output. :). Now, this is confusing. Even though I’m able to send spoofed packets, but how I’m receiving replies of those spoofed packets, if internet connection on eth2 is not working, hmm…? So, I connected to #ipv6@ipv6.chat.freenode.net (being able to IRC over IPv6) to figure out what is happening, and at the same time I started sudo tcpdump -i eth2 proto 41 on another terminal to confirm whether I’m really receiving any IPv6-in-IPv4 packets on eth2 interface. And as expected, I’m getting IPv6 traffic over eth2. I thought maybe Tata Communications‘s connectivity has restored, but no success with sudo ping -I eth2 google.com :(. So I asked p1mrx on #ipv6@ipv6.chat.freenode.net to ping IPv4 address of eth2 and I started sudo tcpdump -i eth2 proto icmp in another terminal. I captured ICMP echo requests sent by h{is,er} box and also captured ICMP echo replies sent from my box. {S,}he confirmed that ping is successful.

CONCLUSION. The cheapest cyber café operator Tata Communications, pretending to be an ISP, is dropping my outbound traffic (TCP, UDP, ICMP echo request) but idiot operator’s dumb clueless retarted (and some more words you can think of…..) cyber café incharges, who never studied IPv4 networks, or don’t know that there is a protocol field (size: 1 byte) in the IPv4 header, which identifies what kind of payload that IPv4 packet is carrying, and has forgot to block all other protocols, ROFL. But why’re they doing this. /me is confused why they’ve blocked. Anyways I’ll call them today. Another reason why they’re retarded….

/me is confused how Indian cyber café operators will become an ISP and transition to IPv6 :(

Create a free website or blog at WordPress.com.