source IP spoofing test

It came to my attention (totally unexpected :-p), that there are still ISPs who don't care about BCP 38 and although it is 2017 already, it seems that we need testing tools for that. The best one might be Spoofer from CAIDA. It is available for many platforms, but needs installation/compilation. If you wanna test with a quick (and dirty) spoofed ICMP ping, I might help you out. This server is accepting and logging pings (or echo requests). If you ping this server, it will log that and show you the result after about a minute (max). Why "about" a minute? Because the logs are not stored, but the file is rotated every minute and displayed on the website after rotation (for about a minute, until rotated again). It logs spoofed and not spoofed pings (of course, how should I know the difference ;-). The file will be overwritten every minute, so no logs are kept and a ping -f won't fill up my drive :-p

You can try a standard, not spoofed ping and see the result in the raw output below (LINK). If you want to test if your ISP is NOT blocking spoofed packets, you can use tools like nping (part of the fabulous nmap) or packETH. Unless the traffic gets filtered (what should be the case), you might see your spoofed echo request in the output.

A sample nping syntax would be nping -S a.b.c.d - This would send an ICMP ping with the spoofed address of a.b.c.d (although it should be a proper IP, of course ;-)
BTW: nping/nmap can be used as a portable application, but if you are unable to run it (missing privileges or whatever), you could also use a Cisco router to send a ping with a specified source IP (this has to exist on the router, so you could assign it to a Loopback interface, but take care that you don't blackhole any traffic!!!)

To see the received echo requests of the last minute (UTC timestamp)


You should know what you are doing! This tool is offered as is. Use at your own risk!!! Don't do anything you are not allowed to! You will go to jail, not me!
Contact: bernd at uebi dot net