什么可以阻止Windows计算机上的欺骗性UDP数据包?

时间:2018-05-31 14:03:15

标签: javascript node.js sockets udp raw-sockets

我尝试创建一个简单的IP地址欺骗程序。目标是说服本地网络上的计算机游戏连接到互联网服务器。游戏只通过UDP广播发现服务器,并且不接受服务器IP。

因此,我想欺骗游戏,以为它通过创建虚假的UDP数据包从互联网服务器接收到答案信息。

我成功使用raw-socket生成带有UDP负载的IPV4数据包。只要我设置了正确的IP就会被发送。

然而,如果我把伪造的IP放在数据包中,它就不会离开机器。我无法在我的机器上的Wireshark中看到它。我还注意到有些东西纠正了我的数据包上的IPV4校验和。我总是发送校验和0xFFFF,但Wireshark看到了这一点:

enter image description here

我如何使用raw-socket发送它:

const raw = require("raw-socket");
const UDPPacket = require("../generic/UDPPacket");
const IPV4Packet = require("../generic/IPV4Packet");

var socket = raw.createSocket({ protocol: raw.Protocol.UDP });

socket.on("message", function (buffer, source) {
    console.log("received " + buffer.length + " bytes from " + source);
});
// UDPPacket and IPV4 packet are classes that I wrote in order to 
// generate the UDP and IPV4 byte data
const packet = new UDPPacket();
packet.srcPort = 27888;
packet.dstPort = 1234;
packet.data = responseBuffer;
const buf = packet.fullBuffer;
const ipv4packet = new IPV4Packet();
ipv4packet.payloadBuffer = buf;

// I send the message form several IPs, but only mine works
const iprand = "192.168.110.";
let ipincrement = 75 * 2;
// my actual IP right now
ipv4packet.srcAddr = "192.168.110.79";
ipv4packet.dstAddr = "192.168.110.1";


setInterval(() => {
    // Try to send it from another IP
    ipv4packet.srcAddr = iprand + Math.round((++ipincrement)/2);
    const ipv4buf = ipv4packet.fullBuffer;
    socket.send(ipv4buf, 0, ipv4buf.length, ipv4packet.dstAddr, function (error, bytes) {
        // I'm not sure what does this exactly do,
        // I found it on the internet ¯\_(ツ)_/¯
        // But without it, I cannot send the IPV4 headers
        socket.setOption(
            raw.SocketLevel.IPPROTO_IP,
            raw.SocketOption.IP_HDRINCL,
            new Buffer([0x01, 0x00, 0x00, 0x00]),
            4
        );
    },
    function (error, bytes) {
        // always prints that bytes were sent
        if (error)
            console.log(error.toString());
        else
            console.log(bytes, " bytes sent!");
    }
    );
}, 700)

谁阻止并更改我的数据包?我试过禁用防火墙,没有帮助。

请注意,即使目标是本地机器,消息也会丢失。

1 个答案:

答案 0 :(得分:0)

请参阅https://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx

在Windows 7,Windows Vista,Windows XP Service Pack 2(SP2)和Windows XP Service Pack 3(SP3)上,通过原始套接字发送流量的功能受到多种限制:

无法通过原始套接字发送具有无效源地址的UDP数据报。任何传出UDP数据报的IP源地址必须存在于网络接口上,否则数据报将被丢弃。此更改旨在限制恶意代码创建分布式拒绝服务攻击的能力,并限制发送欺骗数据包(具有伪造源IP地址的TCP / IP数据包)的能力。

相关问题
最新问题