Date:      Fri, 03 Feb 2023 18:51:38 -0800
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        Sambuddho Chakravarty <sambuddho@iiitd.ac.in>
Cc:        freebsd-security@freebsd.org
Subject:   Re: help regarding IP address spoofing (when using nmap)
Message-ID:  <20230204025138.974A212F@slippy.cwsent.com>
In-Reply-To: <CAK1-MKcNetGHrg5VpHpmrE%2BXDf%2BSvn1pp-rWd%2BTzU9ay76frfw@mail.gmail.com>
References:  <CAK1-MKcNetGHrg5VpHpmrE%2BXDf%2BSvn1pp-rWd%2BTzU9ay76frfw@mail.gmail.com>

In message <CAK1-MKcNetGHrg5VpHpmrE+XDf+Svn1pp-rWd+TzU9ay76frfw@mail.gmail.com>, Sambuddho Chakravarty writes:
> Hi All
>  I am a relative newbie to FreeBSD (earlier was running
> Linux). I am running FreeBSD 13.1.
>
> I am trying to run nmap with source IP address spoofing
> (for some academic purposes). It works fine with Linux
> but on FreeBSD I get the following error:
>
> # nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18  -p 8080 -Pn
> Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST
> NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
> (IOD #1): Can't assign requested address (49)
> NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
> (IOD #2): Can't assign requested address (49)

I tried the following from my laptop (IP 10.1.1.91) to one of my machines 
on my network 10.1.1.7.

slippy# nmap -e lagg0 -S 192.168.17.92 -sS 10.1.1.7  -p 8080 -Pn
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-03 18:43 PST
Nmap scan report for bob (10.1.1.7)
Host is up (0.00040s latency).

PORT     STATE    SERVICE
8080/tcp filtered http-proxy
MAC Address: xx:xx:xx:xx:xx:xx (NIC manufacturer name was here)

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
slippy# 

tcpdump showed the following on the target system.

18:43:06.847120 ARP, Request who-has 10.1.1.7 tell 192.168.17.92, length 46
18:43:06.847143 ARP, Reply 10.1.1.7 is-at xx:xx:xx:xx:xx, length 28
18:43:06.880860 IP 192.168.17.92.33262 > 10.1.1.7.8080: Flags [S], seq 1331497492, win 1024, options [mss 1460], length 0
18:43:06.880897 IP 10.1.1.7.8080 > 192.168.17.92.33262: Flags [R.], seq 0, ack 1331497493, win 0, length 0
18:43:06.987099 IP 192.168.17.92.33264 > 10.1.1.7.8080: Flags [S], seq 1331628566, win 1024, options [mss 1460], length 0
18:43:06.987133 IP 10.1.1.7.8080 > 192.168.17.92.33264: Flags [R.], seq 0, ack 1331628567, win 0, length 0

I have nothing listening on port 8080 thus 10.1.1.7 correctly replied with 
a RST.

>
>
> It works fine without the source spoofing but doesn't when I use
> it. I can however use my own machine's source IP address with
> the '-S' option.

As you can see from above it worked fine here. Were you running it under 
root or some other account?

Was there something else bound to that address?


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0
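
Added example (not part of the original message): the capture above shows the target receiving an ARP request whose sender address, 192.168.17.92, lies outside the 10.1.1.x segment, followed by SYNs from that address, which tells a defender the sending host is on-link rather than routed. This sketch flags that pattern in tcpdump text output; the /24 prefix, the function and label names, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in tcpdump's text format, modelled on the capture above
# (ARP reply and MAC addresses omitted). LOCAL_NET is an assumption: the page
# gives only the two on-link hosts 10.1.1.91 and 10.1.1.7, not the prefix.
LOCAL_NET = ipaddress.ip_network("10.1.1.0/24")
SAMPLE = """\
18:43:06.847120 ARP, Request who-has 10.1.1.7 tell 192.168.17.92, length 46
18:43:06.880860 IP 192.168.17.92.33262 > 10.1.1.7.8080: Flags [S], seq 1331497492, win 1024, options [mss 1460], length 0
18:43:06.880897 IP 10.1.1.7.8080 > 192.168.17.92.33262: Flags [R.], seq 0, ack 1331497493, win 0, length 0
18:43:07.100000 ARP, Request who-has 10.1.1.7 tell 10.1.1.91, length 46
18:43:07.100500 IP 10.1.1.91.40000 > 10.1.1.7.22: Flags [S], seq 1, win 1024, length 0
"""

ARP_RE = re.compile(r"^(\S+) ARP, Request who-has (\S+) tell ([\d.]+),")
SYN_RE = re.compile(r"^(\S+) IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[S\],")


def find_offlink_sources(text, local_net=LOCAL_NET):
    """Return findings for ARP requests whose sender address is outside
    local_net, and for SYNs subsequently seen from that same address."""
    offlink = set()
    findings = []
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            ts, target, sender = m.groups()
            # A routed packet never causes an ARP request from its source IP
            # on our segment, so an off-subnet ARP sender is physically on-link.
            if ipaddress.ip_address(sender) not in local_net:
                offlink.add(sender)
                findings.append((ts, "arp-offlink-sender", sender, target))
            continue
        m = SYN_RE.match(line)
        if m:
            ts, src, _sport, dst, dport = m.groups()
            if src in offlink:
                findings.append((ts, "syn-from-offlink-sender", src, f"{dst}:{dport}"))
    return findings


if __name__ == "__main__":
    for finding in find_offlink_sources(SAMPLE):
        print(*finding)
```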




