Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/blechschmidt/fakeroute

IPv4 and IPv6 traceroute fake hop generator through IP spoofing
https://github.com/blechschmidt/fakeroute

fake-traceroute fakeroute ip-spoofing ipv4 ipv4-spoofing ipv6 ipv6-address spoofing traceroute

Last synced: 2 days ago
JSON representation

IPv4 and IPv6 traceroute fake hop generator through IP spoofing

Awesome Lists containing this project

README

        

# fakeroute

Fakeroute allows you to insert fake IPv4 and IPv6 hops between the last real hop and your Linux server by making use of
IP address spoofing.

## Setup

Install the dependencies using `pip install -r requirements.txt`. Run `sudo python fakeroute.py` on the machine for
which you want to spoof the traceroute.

You can supply the path to a text file with custom IP addresses to be spoofed using `--hops`.
The file can contain IPv4 and IPv6 addresses, one per line.

To test the script, you can set up a virtual machine with a bridged network interface, such that it obtains its own IP
via DHCP, and traceroute the IP of the host.

Most ISPs will not allow you to spoof IP addresses nowadays. You can still make use of fakeroute by externalizing the
spoofing process. To this end, start fakeroute with the `--spoofer` option, which expects `IP:port` to listen on, in a
data center that allows spoofing. Then, on the machine for which you want to fake the traceroute, supply fakeroute with
the remote endpoint (`IP:port`) of the spoofer using `--remote`. You can add an HMAC `--key` to not allow everyone to
use your spoofing service.

```
usage: fakeroute.py [-h] [--hops HOPS] [--remote REMOTE] [--spoofer SPOOFER] [--key KEY]

Fake traceroute generator

options:
-h, --help show this help message and exit
--hops HOPS Path to file containing IPv4 and IPv6 addresses
--remote REMOTE IP:port of remote spoofing service
--spoofer SPOOFER IP:port to launch a spoofing service locally
--key KEY HMAC-SHA256 signing key for remote spoofing authentication in hex format
```

## How does it work?

IP packet headers contain a one byte time to live (TTL, IPv4) or hop limit (HL, IPv6) field which is supposed to be
decreased by every router on the packet's path to prevent infinite circulations.
Initially, the sender populates the packet with a sufficiently large value.
Most routers signal the expiry of the TTL by replying with an ICMP "TTL expired" packet to the packet sender.
Tracerouting works by sending out packets with increasing TTL.
The first router will drop the packet with TTL 1 and send an ICMP reply, the second router will drop the packet with TTL
2 and so on.
By simply dropping all packets with a TTL below a certain threshold N at the last hop, it will appear as if N hops, that
do not reply with ICMP packets, had been inserted.
The `fakeroute.py` script uses a raw socket to capture packets with low TTL and either relays them to a server in
a [data center without egress filtering](https://spoofer.caida.org/as_stats.php) (i.e. where packets with spoofed source
IP address are not filtered) or generates ICMP replies for them from fake source IP addresses directly.

## Where does it work?

Most providers will filter packets with forged IP addresses. An incomplete list of server providers without egress
filtering is available here:

| Provider | Product | Date | Status |
|--------------------------------|----------------------------------------|-----------------------------------------------------------------------------------------| ------------------ |
| ~~[njal.la](https://njal.la)~~ | ~~[VPS 15](https://njal.la/servers/)~~ | ~~[September 2, 2022](https://spoofer.caida.org/report.php?sessionkey=bjuru7gyraov66)~~ | no longer working |

If you know more server providers, please submit a pull request with the details (provider name, product name, date, and, if possible,
a CAIDA Spoofer report).

## Screenshot

![Screenshot](https://cysec.biz/projects/fakeroute/screenshot1.png)