Thursday, July 2, 2015

IP and Packet Spoofing tools


IP Spoofing Attack Tool List

If you want to see full detail of IP Spoofing, please go to the Source.
Services vulnerable to IP spoofing
Configurations and services that are vulnerable to IP spoofing:

  •     RPC (Remote Procedure Call services)
  •     Any service that uses IP address authentication
  •     The X Window System
  •     The R services suite

Most popular tools used to modify packet headers:
Tools – For Windows



  1.     Engage Packet Builder – Scriptable packet builder for Windows
  2.     HPing – Command-line oriented TCP/IP packet assembler/analyzer
  3.     Nemesis – Command-line portable IP stack
  4.     PacketExcalibur – Graphical and scriptable network packet engine
  5.     Scapy – Interactive packet manipulation tool
  6.     Spoofer – IP Spoofing Tester
  7.     Colasoft Packet Builder – Tool for creating custom network packets
  8.     Colasoft Packet Player – Packet replay tool
  9.     NMap – Utility for network exploration and security auditing

Tools – For Linux

  1.     LSRscan – Loose Source Route Scanning Tool
  2.     Scapy – Interactive packet manipulation tool
  3.     Spoofer – IP Spoofing Tester
  4.     Yersinia – Tool to exploit weaknesses in different network protocols
  5.     Sendip – Send completely arbitrary packets out over the network
  6.     HPing – Command-line TCP/IP packet assembler/analyzer
  7.     IRPAS – Internetwork Routing Protocol Attack Suite (File2Cable etc.)
  8.     LSRtunnel – Loose Source Route Tunneling Tool
  9.     Nemesis – Command-line portable IP stack
  10.     NMap – Utility for network exploration and security auditing
  11.     PacketExcalibur – Graphical and scriptable network packet engine

Defenses against IP Spoofing

There are a few precautions that can be taken to prevent IP Spoofing attacks on the network:

Filtering packets at the Router - Implementing ingress and egress filtering on your routers is the best defense against the IP spoofing attack. Ingress filtering is the process of blocking packets from outside the network with a source address inside the network. Egress filtering is the blocking of packets from inside the network with a source address that is not inside. You will also need to implement an ACL (access control list) that blocks private IP addresses on your downstream interface. On the upstream interface you should restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.
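
The ingress and egress rules described above, written as a small decision function. This is an added example, not code from the original post; the site prefix 198.51.100.0/24, the sample addresses and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed site prefix (RFC 5737 documentation range), not from the original page.
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Source ranges that should never arrive from the Internet:
# RFC 1918 private space, loopback and link-local.
BLOCKED_INBOUND = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def filter_packet(direction, src):
    """Return (action, reason) for a packet crossing the border router.

    direction: "inbound" (Internet -> site) or "outbound" (site -> Internet).
    """
    addr = ipaddress.ip_address(src)
    if direction == "inbound":
        if _in_any(addr, SITE_PREFIXES):
            return ("drop", "ingress: outside packet claims an inside source")
        if _in_any(addr, BLOCKED_INBOUND):
            return ("drop", "ingress: private or reserved source")
        return ("permit", "ingress: source is plausible")
    if direction == "outbound":
        if _in_any(addr, SITE_PREFIXES):
            return ("permit", "egress: source is inside the site range")
        return ("drop", "egress: source is outside the site range")
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("inbound", "203.0.113.7"),
    ("inbound", "198.51.100.20"),
    ("inbound", "10.1.2.3"),
    ("outbound", "198.51.100.20"),
    ("outbound", "203.0.113.7"),
    ("outbound", "192.168.1.5"),
]

def run_sample():
    return [(d, s) + filter_packet(d, s) for d, s in SAMPLE]

if __name__ == "__main__":
    for direction, src, action, reason in run_sample():
        print(f"{direction:8} {src:15} {action:6} {reason}")
```

On a real router the same decisions are expressed as ACL entries bound to the outside-facing and inside-facing interfaces.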

Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in IPv6, which will eliminate current spoofing threats. Host authentication must not be based on the IP address. It is recommended to design network protocols and services so that they do not rely on the IP source address for authentication.

Conclusion: IP spoofing is really easy because many tools are available that let users edit packets and send them with a chosen source IP. So performing IP spoofing is really simple, which leads to some big hacking operations. Although many servers have security mechanisms to prevent spoofed packets, all those mechanisms are limited. Most networks still do not consider this attack, so their authentication based on IP address fails.
If we take a look at recent DoS attacks, most of the attackers are still untraceable because they used IP spoofing to perform the attack and to hide their real identity. So server administrators and network administrators must consider this attack while designing the security rules for their servers and networks. By considering some points, it’s easy to identify forged packets with fake IP addresses.

Note: Copied from Offensive Security Blog.
