From nobody Thu Feb 2 10:49:57 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P6wYb1m0wz3csVy for ; Thu, 2 Feb 2023 10:50:43 +0000 (UTC) (envelope-from sambuddho@iiitd.ac.in) Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P6wYZ1Kt3z433h for ; Thu, 2 Feb 2023 10:50:42 +0000 (UTC) (envelope-from sambuddho@iiitd.ac.in) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=iiitd.ac.in header.s=google header.b=QHnEiYwQ; spf=pass (mx1.freebsd.org: domain of sambuddho@iiitd.ac.in designates 2607:f8b0:4864:20::72a as permitted sender) smtp.mailfrom=sambuddho@iiitd.ac.in; dmarc=none Received: by mail-qk1-x72a.google.com with SMTP id 135so736512qkh.13 for ; Thu, 02 Feb 2023 02:50:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iiitd.ac.in; s=google; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=tJ928vXOR4gZBwUbOfPmi5P74Xn/WmuOdWCe91GGqB0=; b=QHnEiYwQ2yxw84D9GZ1YZ+2xHrj1fvYH9CkyBt3cM25a0BN/PFnPCnfR2YjPIwAqEK rkx5rEqweMnI7HAivpAsvq8XMMabZE510iVmVNaYn+GoQzXmsl93ezdVEd7VVZYbZLYP ibhx9XoZAzPIXO5rC/ZT7XQVtnwsOfGUt7m5g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tJ928vXOR4gZBwUbOfPmi5P74Xn/WmuOdWCe91GGqB0=; b=uRUIx05TW57VSc8nJuvz2oF2VdrUrAcE9jNZfXxlOy2xPNHwzwFxwJRuXDxAf8vU3J HIBqG/Md4HMHPsin+u/hm3jDOfogct0bYwiKGyjS4uNrc9ravHKsBIYWd1ZpomNr0rRk V6Nrojw45iQQmdZEHUKPuhr8BLKK/fWv4LkDfUDC3dFIaeeAJhztn2zgVESpow/Er4Cv 0yUm9aSOhiquyMzQABzkDKFqb4snhg/ouo97z/gzgOQAd8cpZwXG9QCDKbS6p4N67Y8f B4XLSAFnVgQ8z32S2kxYKV61qXRr7TXpzzb2kSA7TBCsDeAODt4tsgFbZOKUF4UKPJ3s 4y7w== X-Gm-Message-State: AO0yUKVybazwSwSwENxs9QyLXLXk3mR/ImxhKNscekejRcyXZhdwe9q5 Izxe/+ubsv0rQ+ngFB7WX0/fyKF6pd+SfAqfScc2NWKUKHXokCEp X-Google-Smtp-Source: AK7set81USzHOfhk5alu98yH4q4tTY6XukgdRYMS83N6F6V9aJliJcuW4E0koYM6oJn0aQgtGpRxqFGP8uTo5oeJJ6g= X-Received: by 2002:ae9:f40b:0:b0:71b:fdf5:c825 with SMTP id y11-20020ae9f40b000000b0071bfdf5c825mr500121qkl.266.1675335041246; Thu, 02 Feb 2023 02:50:41 -0800 (PST) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 From: Sambuddho Chakravarty Date: Thu, 2 Feb 2023 16:19:57 +0530 Message-ID: Subject: Re: help regarding IP address spoofing (when using nmap) To: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="0000000000000384a005f3b55664" X-Spamd-Result: default: False [-2.50 / 15.00]; FAKE_REPLY(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[iiitd.ac.in:s=google]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::72a:from]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DKIM_TRACE(0.00)[iiitd.ac.in:+]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; DMARC_NA(0.00)[iiitd.ac.in]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Queue-Id: 4P6wYZ1Kt3z433h X-Spamd-Bar: -- X-ThisMailContainsUnwantedMimeParts: N --0000000000000384a005f3b55664 Content-Type: text/plain; charset="UTF-8" Hi All I am a relatively newbie to FreeBSD (earlier was running Linux). I am running FreeBSD 13.1. I am trying to run nmap with source IP address spoofing (for some academic purposes). It works fine with Linux but on FreeBSD I get the following error: # nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18 -p 8080 -Pn Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed (IOD #1): Can't assign requested address (49) NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed (IOD #2): Can't assign requested address (49) It works fine without the source spoofing but doesn't when I use it. I can however use my own machine's source IP address with the '-S' option. -- best, sambuddho --0000000000000384a005f3b55664 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi All
=C2=A0I am a relatively newbie to FreeBSD (earlier was running
Linux). I am running= FreeBSD 13.1.=C2=A0

I am trying to run nmap with source IP address spoofing=C2=A0
=
(for some acad= emic purposes). It works fine with Linux=C2=A0
but on FreeBSD I get the following er= ror:

=
#=C2=A0n= map -e re0 -S 192.168.17.92 -sS 143.110.249.18=C2=A0 -p 8080 -Pn
Starting Nmap 7.93 = ( https://nmap.org ) at 2023-02-02 16:04 I= ST
NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed (IOD #1): Can't assign reque= sted address (49)
NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed (IOD #2): Can'= ;t assign requested address (49)


It works fin= e without the source spoofing but doesn't when I use
it. I can however use my ow= n machine's source IP address with
the '-S' option.

--
best,
sambuddho
--0000000000000384a005f3b55664-- From nobody Thu Feb 2 13:29:47 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P705D20Nzz3c6J9 for ; Thu, 2 Feb 2023 13:29:52 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P705D05Zpz4LxW for ; Thu, 2 Feb 2023 13:29:52 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd32.google.com with SMTP id r6so723826ioj.5 for ; Thu, 02 Feb 2023 05:29:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=net; h=in-reply-to:content-disposition:mime-version:references:reply-to :message-id:subject:cc:to:date:from:from:to:cc:subject:date :message-id:reply-to; bh=LXHW3nTn75A3tl9XUhlR4npF7qIpheuNHj9bPsw2X/I=; b=KnzuGwHnN9g0QQ554uuotkKTj6mvUwyUhGcOVT2nBD71nrfuQ5/6H5FAcu8kD8+gld hDtrlSCgsDv5XHMkXSaMai6xrDgXOPKEuQp+Rd5XRJUqey588m1LU2qQqh1Tg9JqyCoi 6+IXnAa2M1uCRXeqIgABUK1czHbwEnGNuBje4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:reply-to :message-id:subject:cc:to:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LXHW3nTn75A3tl9XUhlR4npF7qIpheuNHj9bPsw2X/I=; b=xqOZiNu8cBmUf5KyUtunUNoqBIU1eRDzUL0flZ47z1PPYQECE1pOyFjPiGtrajFvSH fLa5f51lmlTPYVPDT6yGzQJ+mx/qDIq9gnVmwX9GMTmbIKzpyz/ErlNZEJsj5jEEFvhy QL1VMW6q2JkDnwZZ2LBgE7MPbaGHnOzUrHF/wTwh8iN2++SFbMszLJf7NkKZeUhLGuzs X4dfgRPQoGmTCtXg+BAHbK39IBHaqnv6iehJXTCw4RVQWYCu8DmR3K2CuKHHIL9mL4KP EjurzK/zJTrJ5IRMdbJovmRNMZ6W3KEnj6s3hSgOuRxLMmTfwvrziVP3IvMx4E+x3LjO VC6w== X-Gm-Message-State: AO0yUKUbJAbTukRM+N3wPALC41UrhC7ooBw0Q3+R3axXWEyMpCGr94v2 stTMSqjEU7NIFq2To2mtHU5XevM0TJlIuufO X-Google-Smtp-Source: AK7set8KBqcwTARR47YwL6PZRHKjYELXKBHCRCqZ1pPAXiL5wEll/y7zPV3PZb0Q1pomoAjtwJqefA== X-Received: by 2002:a5d:9807:0:b0:71b:cd72:192d with SMTP id a7-20020a5d9807000000b0071bcd72192dmr3955895iol.20.1675344590528; Thu, 02 Feb 2023 05:29:50 -0800 (PST) Received: from radix.local ([65.30.32.77]) by smtp.gmail.com with ESMTPSA id bm10-20020a05663842ca00b003a2e9dda8e9sm7050618jab.132.2023.02.02.05.29.48 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 02 Feb 2023 05:29:48 -0800 (PST) From: "J. Hellenthal" X-Google-Original-From: "J. Hellenthal" Received: by radix.local (Postfix, from userid 502) id E80E2309654A05; Thu, 2 Feb 2023 07:29:47 -0600 (CST) Date: Thu, 2 Feb 2023 13:29:47 +0000 To: Sambuddho Chakravarty Cc: freebsd-security@freebsd.org Subject: Re: help regarding IP address spoofing (when using nmap) Message-ID: Reply-To: jhellenthal@DataIX.net References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="uTDDRqFycOv2T37O" Content-Disposition: inline In-Reply-To: X-OpenPGP-Key-Id: 0x32EEFB045CE0A708 X-OpenPGP-Key-Fingerprint: 781B 622C 0AA6 FDF8 B46F 3B31 32EE FB04 5CE0 A708 X-Rspamd-Queue-Id: 4P705D05Zpz4LxW X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N --uTDDRqFycOv2T37O Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 02, 2023 at 04:19:57PM +0530, Sambuddho Chakravarty wrote: > Hi All > =A0I am a relatively newbie to FreeBSD (earlier was running > Linux). I am running FreeBSD 13.1.=A0 > I am trying to run nmap with source IP address spoofing=A0 > (for some academic purposes). It works fine with Linux=A0 > but on FreeBSD I get the following error: > #=A0nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18=A0 -p 8080 -Pn > Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 fail= ed > (IOD #1): Can't assign requested address (49) > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 fail= ed > (IOD #2): Can't assign requested address (49) > It works fine without the source spoofing but doesn't when I use > it. I can however use my own machine's source IP address with > the '-S' option. > -- > best, > sambuddho sudo(8) or su(1) ? An address should also be assigned to a interface for it to be bound to. --=20 The fact that there's a Highway to Hell but only a Stairway to Heaven says = a lot about anticipated traffic volume. --uTDDRqFycOv2T37O Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFUBAEBCAA+FiEEeBtiLAqm/fi0bzsxMu77BFzgpwgFAmPbusogFIAAAAAAFgAB amhlbGxlbnRoYWxARGF0YUlYLm5ldCEACgkQMu77BFzgpwjuBAgAjk+xf1w1TxdG nf8V9I+YYjfanuZrnrz0kr//RjppPE5nwL5nD/k/tjGRK4gaBW3cyZMDIUIKBMhJ 3lD+Cb/5WtObFGh8ARuBdJl0z9IB56OipUZWLPdKIyaYazD8gbPgjZ2wqlhHzDsK kK1KFibIngaC0AJBdBfun3tsEG5aim6I2obRJXV1JWQsrqOCMsLC2c0IYohgCrEt sKEdvlNe4ZKmOVd+uDwdtBeMVsyz1GGfRYxuLoY32oXAeJY+SlmX39TQjV+svFf6 KQlqzd3SpvgCokkR4zTX5GvibKY/QfUbxF18aSTlV14V49k3BMzdjLA/DMogoDpW SYSKXmEdzQ== =+2Q8 -----END PGP SIGNATURE----- --uTDDRqFycOv2T37O-- From nobody Thu Feb 2 14:38:46 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P71cz55fzz3fJnH for ; Thu, 2 Feb 2023 14:38:59 +0000 (UTC) (envelope-from sambuddho@iiitd.ac.in) Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P71cz1W7lz4Zt2 for ; Thu, 2 Feb 2023 14:38:58 +0000 (UTC) (envelope-from sambuddho@iiitd.ac.in) Authentication-Results: mx1.freebsd.org; none Received: by mail-qt1-x834.google.com with SMTP id m12so2009601qth.4 for ; Thu, 02 Feb 2023 06:38:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iiitd.ac.in; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=SYhzbjvru+9I/UixmM/3SyVf1buPqbOW7h2mRgdSlz0=; b=Fo53AdNT0Itu+YnJoWc38ZpUYGcRO7jq5v0SM1i6Jt0jQhXoHWeNDEHVoj7UwY1YpV 5HLZ6+zs8DEfvaR7u4TeJkNs8W+st8YBScIY8XOWnDpLmM27X5VASmhHrtbNvCVPQ+J1 VeCG7FlP2LKIaXakvvDseZRWfpcT/1cEZZvdo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SYhzbjvru+9I/UixmM/3SyVf1buPqbOW7h2mRgdSlz0=; b=G7qkii230Qgan1xyviPG4t4JFESIg469duDHsHu4tVdK4yrh87oIAabOXeWOL0baNp r/Cuy5I9sbpCJpv5Nx/4y/xO/3ksOnMzZcEfush9c30Ixt2+zd+8HLg//lp+mg4vISIP UBsxlARgy/FkjdGGW5ke+tlWcrtM2dTg/d0nKwMah7O4eJL8sXKcRnVo9LuEaL4VMT56 1PSCEaY+a915ejrUZZf8g4XhNjcRllfWGkgB+qtr4ZBss6+ZJ8d4Q2vlCyi+1i2yaIc8 ASmKrwfr+UD0AjMBhlajXO6wkoWC62Tw//Soq/rAJO9BCq2xfODcxr7CRsHZ6MH9XT1Y DB+Q== X-Gm-Message-State: AO0yUKX/f8A73T+tPdqBcO+mjotFM+rFRACoz8irrZRKvH0oSkknjC5+ aI78NNyVqg8c+GEISJ4ooKKPJcswXBCpVCgAANwiC0nJ1UClc52+ X-Google-Smtp-Source: AK7set+f7FCwLxzEMA8URIsdhcPQCOHDgmH59tq2THpVunObWTKt6bAQFLTvVvvgayyV70Y2tEM4WHZrQq3UCwphWrk= X-Received: by 2002:ac8:5846:0:b0:3b9:b9e1:3335 with SMTP id h6-20020ac85846000000b003b9b9e13335mr586747qth.314.1675348737953; Thu, 02 Feb 2023 06:38:57 -0800 (PST) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Sambuddho Chakravarty Date: Thu, 2 Feb 2023 20:08:46 +0530 Message-ID: Subject: Re: help regarding IP address spoofing (when using nmap) To: jhellenthal@dataix.net Cc: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="00000000000066ad0d05f3b8860b" X-Rspamd-Queue-Id: 4P71cz1W7lz4Zt2 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N --00000000000066ad0d05f3b8860b Content-Type: text/plain; charset="UTF-8" It was running as root only... Also, no the address didn't belong to the interface, and I was spoofing it... So is there no way to spoof packet IP addresses ? On Thu, 2 Feb 2023, 18:59 J. Hellenthal, wrote: > On Thu, Feb 02, 2023 at 04:19:57PM +0530, Sambuddho Chakravarty wrote: > > Hi All > > I am a relatively newbie to FreeBSD (earlier was running > > Linux). I am running FreeBSD 13.1. > > I am trying to run nmap with source IP address spoofing > > (for some academic purposes). It works fine with Linux > > but on FreeBSD I get the following error: > > # nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18 -p 8080 -Pn > > Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST > > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 > failed > > (IOD #1): Can't assign requested address (49) > > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 > failed > > (IOD #2): Can't assign requested address (49) > > It works fine without the source spoofing but doesn't when I use > > it. I can however use my own machine's source IP address with > > the '-S' option. > > -- > > best, > > sambuddho > > sudo(8) or su(1) ? > > An address should also be assigned to a interface for it to be bound to. > > -- > The fact that there's a Highway to Hell but only a Stairway to Heaven says > a lot about anticipated traffic volume. > --00000000000066ad0d05f3b8860b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
It was running as root only...

Also, no the address didn't belong to the interface,= =C2=A0 and I was spoofing it...

So is there no way to spoof packet IP addresses ?

=
On Thu, 2 = Feb 2023, 18:59 J. Hellenthal, <jhellenthal@dataix.net> wrote:
On Thu, Feb 02, 2023 at 04:19:57PM +0530, Sambuddho Chakravarty wrote:=
>=C2=A0 =C2=A0 Hi All
>=C2=A0 =C2=A0 =C2=A0I am a relatively newbie to FreeBSD (earlier was ru= nning
>=C2=A0 =C2=A0 Linux). I am running FreeBSD 13.1.=C2=A0
>=C2=A0 =C2=A0 I am trying to run nmap with source IP address spoofing= =C2=A0
>=C2=A0 =C2=A0 (for some academic purposes). It works fine with Linux=C2= =A0
>=C2=A0 =C2=A0 but on FreeBSD I get the following error:
>=C2=A0 =C2=A0 #=C2=A0nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18=C2= =A0 -p 8080 -Pn
>=C2=A0 =C2=A0 Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-= 02 16:04 IST
>=C2=A0 =C2=A0 NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
>=C2=A0 =C2=A0 (IOD #1): Can't assign requested address (49)
>=C2=A0 =C2=A0 NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
>=C2=A0 =C2=A0 (IOD #2): Can't assign requested address (49)
>=C2=A0 =C2=A0 It works fine without the source spoofing but doesn't= when I use
>=C2=A0 =C2=A0 it. I can however use my own machine's source IP addr= ess with
>=C2=A0 =C2=A0 the '-S' option.
>=C2=A0 =C2=A0 --
>=C2=A0 =C2=A0 best,
>=C2=A0 =C2=A0 sambuddho

sudo(8) or su(1) ?

An address should also be assigned to a interface for it to be bound to.
--
The fact that there's a Highway to Hell but only a Stairway to Heaven s= ays a lot about anticipated traffic volume.
--00000000000066ad0d05f3b8860b-- From nobody Thu Feb 2 14:48:34 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P71rG0h37z3fZZS for ; Thu, 2 Feb 2023 14:48:46 +0000 (UTC) (envelope-from joey@joeykelly.net) Received: from marsh.redfishnetworks.com (redfishnetworks.com [45.56.101.157]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4P71rD71Qjz3CT3 for ; Thu, 2 Feb 2023 14:48:44 +0000 (UTC) (envelope-from joey@joeykelly.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=redfishnetworks.com header.s=default header.b=wIcdBkdJ; spf=pass (mx1.freebsd.org: domain of joey@joeykelly.net designates 45.56.101.157 as permitted sender) smtp.mailfrom=joey@joeykelly.net; dmarc=none Received: from marsh.redfishnetworks.com (localhost [127.0.0.1]) by marsh.redfishnetworks.com (Postfix) with ESMTP id 2722A279717 for ; Thu, 2 Feb 2023 08:48:38 -0600 (CST) Received: from marsh.redfishnetworks.com ([127.0.0.1]) by marsh.redfishnetworks.com (marsh.redfishnetworks.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id hWrFNxrEfJB2 for ; Thu, 2 Feb 2023 08:48:35 -0600 (CST) Received: from nathan.bibleheroes (ip70-171-75-85.no.no.cox.net [70.171.75.85]) by marsh.redfishnetworks.com (Postfix) with ESMTPSA id C654B27970D for ; Thu, 2 Feb 2023 08:48:35 -0600 (CST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=redfishnetworks.com; s=default; t=1675349315; bh=2qTbPj5xzlQ6gvFwLU4A5TZ0uhtdRPJHyAECBlXqQBA=; h=From:To:Subject:Date:In-Reply-To:References; b=wIcdBkdJyinDL+S25oCTK2HhSHOnjIXR+/Iy/JRYeHi9sXfDIvWLmxPQjonjbKuqW 5fedoAcEZ+awviEjzqbM6NVYpDL33zTEjvEF4kTVF+m28/6u4bTwb0qqD5jEP0e0Y2 Bt1b7i8pZUhTvXPGYftVhZFmG42HlihKr7OPSBzQ= From: Joey Kelly To: freebsd-security@freebsd.org Subject: Re: help regarding IP address spoofing (when using nmap) Date: Thu, 02 Feb 2023 08:48:34 -0600 Message-ID: <10158910.FP6jjVeTY9@nathan.bibleheroes> In-Reply-To: References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spamd-Result: default: False [-2.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.991]; CTE_CASE(0.50)[]; R_DKIM_ALLOW(-0.20)[redfishnetworks.com:s=default]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; DKIM_TRACE(0.00)[redfishnetworks.com:+]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; DMARC_NA(0.00)[joeykelly.net]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:63949, ipnet:45.56.96.0/20, country:SG]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_ALL(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_TLS_LAST(0.00)[] X-Rspamd-Queue-Id: 4P71rD71Qjz3CT3 X-Spamd-Bar: -- X-ThisMailContainsUnwantedMimeParts: N On Thursday, February 2, 2023 8:38:46 AM CST Sambuddho Chakravarty wrote: > It was running as root only... > > Also, no the address didn't belong to the interface, and I was spoofing > it... > > So is there no way to spoof packet IP addresses ? I don't know how nmap spoofs an IP, but in a pinch you could alias the IP you want first, run your scan, then drop the alias. --Joey Kelly > > On Thu, 2 Feb 2023, 18:59 J. Hellenthal, wrote: > > On Thu, Feb 02, 2023 at 04:19:57PM +0530, Sambuddho Chakravarty wrote: > > > Hi All > > > > > > I am a relatively newbie to FreeBSD (earlier was running > > > > > > Linux). I am running FreeBSD 13.1. > > > I am trying to run nmap with source IP address spoofing > > > (for some academic purposes). It works fine with Linux > > > but on FreeBSD I get the following error: > > > # nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18 -p 8080 -Pn > > > Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST > > > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 > > > > failed > > > > > (IOD #1): Can't assign requested address (49) > > > NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 > > > > failed > > > > > (IOD #2): Can't assign requested address (49) > > > It works fine without the source spoofing but doesn't when I use > > > it. I can however use my own machine's source IP address with > > > the '-S' option. > > > -- > > > best, > > > sambuddho > > > > sudo(8) or su(1) ? > > > > An address should also be assigned to a interface for it to be bound to. > > > > -- > > The fact that there's a Highway to Hell but only a Stairway to Heaven says > > a lot about anticipated traffic volume. -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550