Spoofer Project FAQ

  1. I'm behind a NAT, will I be able to spoof?
    No, but the spoofer will detect this. This data is important to us so we can estimate the prevalence of NAT preventing spoofing.

  2. I know my network prevents spoofing, should I run the spoofer anyway?
    Yes, please. We also maintain a count of netblocks believed to prevent spoofing. Running the spoofer, even when the spoof is blocked, gives us valuable data.

  3. Does the spoofer client run on Windows?
    Yes! Versions ≥ 0.5 use raw ethernet to spoof when raw sockets fail due to Microsoft mechanisms to prevent spoofing.

  4. Why do I have to run the spoofer as root?
    Programs that create raw sockets must run as root. If you are concerned about the security of our binaries, we welcome you to examine the provided source code and build your own.

  5. The numbers in the summary report don't add up!
    This is due to the server receiving multiple spoofer reports from the same client (IP address) but with different operating systems. For instance multiple machines running different OSes sitting behind a NAT.

  6. The spoofer doesn't seem to work on Windows 9x
    It appears that the setsockopt(IP_HDRINCL) option is not supported. Please try the spoofer on Windows 2000 or XP.

  7. My Linux box is unable to send spoofed packets even though I'm root, what's going on?
    Check to see whether /proc/sys/net/ipv4/conf/*/rp_filter is set to 1 (true). If so, the machine is performing RFC1812 reverse path source validation and will not send spoofed packets. RP checking is off by default, but some Linux distributions enable it.

  8. What's the difference between versions?
    See the CHANGES file in the source distribution.

  9. How long have you been collecting data?
    The first public announcement was sent to the NANOG mailing list on February 24th, 2005.

  10. Can you provide addresses of spoofable netblocks/ASes?
    No. To respect the privacy and security of the participants and networks involved in the study, we don't make this data publicly available.

  11. Can you please explain "tracefilter" and how you're using it?
    Sure, see the full description here.

  12. Can you explain email spoofing?
    No, sorry, this project is concerned only with IP source address spoofing. This Wikipedia article explains the difference.

Return to Spoofer page

$Id: faq.html,v 1.7 2008/01/25 20:12:25 rbeverly Exp $