''' IP-Spoofing is the forgery of IP addresses. The source address is not the IP of the real network device the packet was sent over, but manually inserted one. Attackers use this technique either to hide the source of the attack or to circumvent a packet-filter or other security layers like tcp wrapper that block or accept connections depending on their source ip address. ''' import sys from scapy.all import send, IP, ICMP
''' Source Code Note: We create an IP packet that is included into an ICMP packet by defining IP() / ICMP(). This somewaht unusual but handy declaration syntax is made possible by Scapy by overriding the / operator with the help of the __div__ method. The IP packet gets the source and destination IP as a parameter. The resulting pa cket object is dumped on the screen by calling the show() method on it (show2() would only display layer 2). Afterwards we send it by calling send() (here too we could use sendp() for layer2). Last but not least if we get any response packets it is being printed on the screen. Of course we can only receive a reply if it is sent to our network card. Therefore it could be necessary to implement a Mitm attack if our host is not connected to the same hub as the target system. In our case we do not have to care about a Mitm attack,because Scapy inserts our MAC address as source address and the destination MAC of the destination IP automatically. Thus we can be sure the reply packet is directly sent back to us. You can protect against IP spoofing by signing and encrypting all IP packets. A common case would be the protocols AH or ESP of the IPSec protocol family.