Obfuscation of destination IP address

A self-proclaimed security architect told me that there were hacking attacks where the hacker "obfuscated" the destination IP address to confuse the router into forwarding the packet out all of its interfaces, and subsequently the packet would live forever. In my limited knowledge I was a bit sceptical. Since he would not explain exactly what was in the destination address field of the header, my question is this: what would a router do with a packet that had either no address or something other than a unicast/multicast address as its destination IP?
ASKED: May 16, 2009  1:01 PM
UPDATED: May 20, 2009  3:08 AM

Answer Wiki


I am sceptical as well… As far as a router is concerned, the destination IP is just 32 bits. The router examines the 32-bit number to determine whether it has a route that the destination IP address falls under. If it does, it forwards the packet out the appropriate interface; if it does not, it drops the packet and returns an ICMP unreachable. Most routers are intelligent enough, or programmed intelligently enough, so that packets with inappropriate IP addresses are dropped.

Here is another way to look at it…

This is what your router sees (without the dots).
This is THE network address, or as close to a packet with “no IP address” as you’re going to get:
00000000.00000000.00000000.00000000
or 0.0.0.0 in decimal

And this is the highest number your router can recognize:
11111111.11111111.11111111.11111111
or 255.255.255.255 in decimal

There is nothing that will fall outside of that. Even if you tried to send something bigger than this at your router, the number is simply going to go into other fields of the packet and get interpreted not as your destination address but something else (either source IP or part of the options field).

Tell your friend to visit www.ietf.org, read and learn RFC 791.
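
A simplified model of the forwarding decision described in the answer above, added here as an example and not part of the original thread: the destination is read as exactly 32 bits, matched against a routing table, and the packet leaves on at most one interface or is dropped. The routing table, interface names and function names are constructed for illustration, and the TTL countdown (the RFC 791 field that stops a packet from living forever) goes beyond what the answer spells out.

```python
import ipaddress
import struct

# Constructed routing table (prefix -> egress interface); no default route.
ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "eth1",
    ipaddress.ip_network("10.1.0.0/16"): "eth2",
    ipaddress.ip_network("192.0.2.0/24"): "eth3",
}
# Destinations the answer calls "inappropriate": modelled as never forwarded.
NEVER_FORWARD = (ipaddress.ip_network("0.0.0.0/8"),
                 ipaddress.ip_network("255.255.255.255/32"))


def build_header(dst, ttl=64, src="198.51.100.7"):
    """Pack a minimal 20-byte IPv4 header (checksum left at 0 for the model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def forward(header):
    """Return (action, detail) for one packet; at most one egress interface."""
    if len(header) < 20:
        return ("drop", "truncated header")
    ttl = header[8]
    # The destination is always bytes 16..19: exactly 32 bits, nothing more.
    dst = ipaddress.ip_address(header[16:20])
    if any(dst in net for net in NEVER_FORWARD):
        return ("drop", "non-forwardable destination")
    if ttl <= 1:
        return ("drop", "ICMP time exceeded")
    matches = [net for net in ROUTES if dst in net]
    if not matches:
        return ("drop", "ICMP destination unreachable")
    best = max(matches, key=lambda net: net.prefixlen)  # longest prefix wins
    return ("forward", ROUTES[best])


def hops_until_dropped(dst, ttl):
    """Count how many routers forward the packet, each decrementing TTL by one."""
    hops = 0
    while forward(build_header(dst, ttl))[0] == "forward":
        ttl -= 1
        hops += 1
    return hops
```

Even with the maximum TTL of 255 and a route at every hop, the model forwards the packet a bounded number of times before it is dropped.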

Discuss This Question: 2  Replies

 
  • Ledlincoln
    Kind of like that scary email that went out years ago, in the early days of viruses, that said there's a virus out there that puts your CPU into an "infinite binary loop" and causes it to melt down. ;-)
  • Jfernatt
    lol, a customer of a good friend of mine had him come onsite because he was under the impression that he had been hacked. When my friend arrived onsite, the customer brought him to their conference table, set their router down on the table, and asked him whether or not the hackers were in the box (the router was completely disconnected and powered off on the table). Good stuff.
