Date: Fri, 03 Feb 2023 18:51:38 -0800
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Sambuddho Chakravarty <sambuddho@iiitd.ac.in>
Cc: freebsd-security@freebsd.org
Subject: Re: help regarding IP address spoofing (when using nmap)
Message-ID: <20230204025138.974A212F@slippy.cwsent.com>
In-Reply-To: <CAK1-MKcNetGHrg5VpHpmrE%2BXDf%2BSvn1pp-rWd%2BTzU9ay76frfw@mail.gmail.com>
References: <CAK1-MKcNetGHrg5VpHpmrE%2BXDf%2BSvn1pp-rWd%2BTzU9ay76frfw@mail.gmail.com>

In message <CAK1-MKcNetGHrg5VpHpmrE+XDf+Svn1pp-rWd+TzU9ay76frfw@mail.gmail.com>, Sambuddho Chakravarty writes:
> Hi All
> I am a relative newbie to FreeBSD (earlier was running
> Linux). I am running FreeBSD 13.1.
>
> I am trying to run nmap with source IP address spoofing
> (for some academic purposes). It works fine with Linux
> but on FreeBSD I get the following error:
>
> # nmap -e re0 -S 192.168.17.92 -sS 143.110.249.18 -p 8080 -Pn
> Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-02 16:04 IST
> NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
> (IOD #1): Can't assign requested address (49)
> NSOCK ERROR [0.0170s] mksock_bind_addr(): Bind to 192.168.17.92:0 failed
> (IOD #2): Can't assign requested address (49)

I tried the following from my laptop (IP 10.1.1.91) to one of my machines
on my network 10.1.1.7.

slippy# nmap -e lagg0 -S 192.168.17.92 -sS 10.1.1.7 -p 8080 -Pn
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-03 18:43 PST
Nmap scan report for bob (10.1.1.7)
Host is up (0.00040s latency).

PORT     STATE    SERVICE
8080/tcp filtered http-proxy
MAC Address: xx:xx:xx:xx:xx:xx (NIC manufacturer name was here)

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
slippy#

tcpdump showed the following on the target system.

18:43:06.847120 ARP, Request who-has 10.1.1.7 tell 192.168.17.92, length 46
18:43:06.847143 ARP, Reply 10.1.1.7 is-at xx:xx:xx:xx:xx, length 28
18:43:06.880860 IP 192.168.17.92.33262 > 10.1.1.7.8080: Flags [S], seq 1331497492, win 1024, options [mss 1460], length 0
18:43:06.880897 IP 10.1.1.7.8080 > 192.168.17.92.33262: Flags [R.], seq 0, ack 1331497493, win 0, length 0
18:43:06.987099 IP 192.168.17.92.33264 > 10.1.1.7.8080: Flags [S], seq 1331628566, win 1024, options [mss 1460], length 0
18:43:06.987133 IP 10.1.1.7.8080 > 192.168.17.92.33264: Flags [R.], seq 0, ack 1331628567, win 0, length 0

I have nothing listening on port 8080, thus 10.1.1.7 correctly replied with
a RST.

> It works fine without the source spoofing but doesn't when I use
> it. I can however use my own machine's source IP address with
> the '-S' option.

As you can see from above it worked fine here. Were you running it under
root or some other account? Was there something else bound to that address?

--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

        e^(i*pi)+1=0