Server for legitimate IP spoofing (not DDoS/amplification)

ValdikSS Member
edited April 2017 in Requests

Hi, I'm looking for a server offer or at least a provider name which allows source IP spoofing.
I have two legitimate reasons to use IP spoofing.

The first is a censorship circumvention system using ReQrypt. ReQrypt software first encrypts and sends the first TCP packet to the IP spoofing server; the server forwards this packet from the client's source IP to the destination server, and further data transfer between the client and the destination host within the single TCP session is performed without the spoofing server. This is faster than a proxy and preserves the client's IP address.

ReQrypt packet flow

The second is for my project to traverse NAT without outbound session initiation. It's basically based on pwnat but uses UDP packets on the server side. To connect to the host behind NAT from another NAT, the client needs to send an ICMP TTL Exceeded packet, which most NATs drop (but accept if it's incoming). Such ICMP packets would be sent from this server with source IP spoofing.

I'm fine with any configuration. I need at most 256 MB RAM and somewhere about 5 GB HDD. I don't expect traffic to exceed 100 GB per month. The cheaper the better.

Please write a PM if you don't want to mention the provider in public.

Comments

  • randvegeta Member, Host Rep

    Do you need full DNS capabilities? Amplification attacks can be somewhat mitigated if DNS ports are blocked.

    Do you have a budget in mind?

  • @randvegeta said:
    Do you need full DNS capabilities? Amplification attacks can be somewhat mitigated if DNS ports are blocked.

    Do you have a budget in mind?

    If you're going to make an offer, I'm fine if port 53 is blocked. I can configure DNS with dnscrypt.
    I'd like to stick with low-end if possible, so $7/mo for VPS at most. I don't need much RAM, HDD, CPU or bandwidth.

  • StealthyHosting Member, Host Rep

    It's not worth the risk to any provider to give you this, it is highly abusable. If you truly wish to start a service like this you will want to look at colo and having your own ISP connections.

  • randvegeta Member, Host Rep

    Can I also block port 123?

    If so, then I can do it for $7 in Lithuania. Which OS do you need?

  • randvegeta Member, Host Rep

    StealthyHosting said: It's not worth the risk to any provider to give you this, it is highly abusable. If you truly wish to start a service like this you will want to look at colo and having your own ISP connections.

    If he's willing to block access to the DNS and NTP ports, then that kind of takes out 90% of the risk IMO.

    Needless to say, first sign of abuse, and the server will be cancelled!

  • randvegeta said: Can I also block port 123?

    Yes it's fine.
    Is that VPS? That's the configuration?

  • Francisco Top Host, Host Rep, Veteran

    Well thank you @valdikss, you've now given Ecatel an excuse to use on the forums.

    Francisco

  • layfon Member
    edited April 2017

    There was one recent thread requesting IP spoofing VPS just in page 2, coincidence?
    At least this OP provides better reason though.

  • Francisco Top Host, Host Rep, Veteran

    @layfon said:
    There was one recent thread requesting IP spoofing VPS just in page 2, coincidence?
    At least this OP provides better reason though.

    That guy straight up wanted it for DOS reasons.

    Francisco

  • AlexBarakov Patron Provider, Veteran

    There was a guy over at WHT that wanted 100 servers for streaming with ip spoofing enabled, sometime this month.

  • Keep in mind, just because your DC allows IP spoofing this does NOT mean their upstream will, or that their upstream will. You never get guaranteed spoofing ability.

  • Francisco Top Host, Host Rep, Veteran

    @AlexBarakov said:
    There was a guy over at WHT that wanted 100 servers for streaming with ip spoofing enabled, sometime this month.

    Oh I think I remember seeing that, he wants to run some massive piracy operation.

    Francisco

  • @William said:
    Keep in mind, just because your DC allows IP spoofing this does NOT mean their upstream will, or that their upstream will. You never get guaranteed spoofing ability.

    I didn't know about that, can you please tell more? Is it common to do ingress filtering? How many providers do this?

  • William Member
    edited April 2017

    Telia for example, all Chinese carriers, NTT. Cogent/Level3 probably not.

    This is especially the case if the IP you spoof is a directly peered customer of them, so they automatically know this isn't right.
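
Added example (not part of any post in this thread): a small Python model of the source-address check described in the comment above, where a carrier recognises a source that belongs to one of its other directly attached customers. The port names and prefixes are constructed documentation ranges, and `strict` is a hypothetical switch standing in for full per-port prefix filtering.

```python
import ipaddress

# Constructed example data: prefixes the carrier knows are attached on each port.
PORT_PREFIXES = {
    "dc-hosting": ["198.51.100.0/24"],
    "customer-x": ["203.0.113.0/24", "2001:db8:a::/48"],
}

def prefix_owner(ip, table):
    """Port whose prefix list covers ip (longest match), or None if unknown here."""
    best = None
    for port, prefixes in table.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[1]:
                    best = (port, net.prefixlen)
    return best[0] if best else None

def check_source(in_port, src, table=PORT_PREFIXES, strict=False):
    """Verdict for a packet with source address src arriving on in_port."""
    ip = ipaddress.ip_address(src)
    owner = prefix_owner(ip, table)
    if owner == in_port:
        return "accept"
    if owner is not None:
        # The case from the comment: the source is a directly attached customer
        # on another port, so the carrier knows the packet cannot be genuine.
        return "drop: source belongs to " + owner
    # Unknown source: only a full per-port prefix filter rejects it.
    return "drop: not in port prefix list" if strict else "forward unverified"

if __name__ == "__main__":
    for src in ("198.51.100.20", "203.0.113.5", "192.0.2.1"):
        print(src, "->", check_source("dc-hosting", src))
```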

  • ValdikSS said: censorship circumvention system using ReQrypt.

    This is crazy. It will stick out like a sore thumb.

    ValdikSS said: traverse NAT ... ICMP...

    If I understand this, you're trying to do peer to peer over UDP, but starting with a server connection. If the p2p part works after setup, why not just have the server hand off the address info instead of spoofing?

  • ValdikSS Member
    edited April 2017

    @William said:
    Telia for example, all Chinese carriers, NTT. Cogent/Level3 probably not.

    This is especially the case if the IP you spoof is a directly peered customer of them, so they automatically know this isn't right.

    Thanks. For ReQrypt I mostly care about Russian connectivity. Do you know something about biggest Russian transit providers like Rascom, Transtelecom, Retn, Megafon, Vimpelcom, Rostelecom?

    I doubt my idea is sane now.

  • William Member
    edited April 2017

    Most of these in some way now use ddos-guard here and there, which yes will filter this out. Retn for sure.

    I suspect what you try here, if used to circumvent censorship, is illegal in Russia and will get you jail.

  • ValdikSS Member
    edited April 2017

    willie said: If I understand this, you're trying to do peer to peer over UDP, but starting with a server connection.

    Not quite right. Say, a server behind NAT sends UDP packets to some constant random address like 3.3.3.3 every 30 seconds. If we send an ICMP Time To Live Exceeded to the server from a client that is not behind NAT, without any source IP spoofing, the server will receive that packet.

    Now the problem is that most NATs do not allow sending such an ICMP packet, since (in terms of Linux conntrack) it's neither NEW nor ESTABLISHED or RELATED; it's INVALID and should be dropped. You can't connect to a server behind NAT if you as a client are also behind NAT. This third-party spoofing server is used to send the ICMP packet with source IP address spoofing, while the server behind NAT won't need to connect to any third-party server.
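
Added example (not part of the post above): a simplified Python model of how a stateful NAT decides between RELATED and INVALID for an ICMP error, by looking up the packet quoted inside it. It is not kernel code; the flow tables, addresses and ports are constructed, apart from 3.3.3.3, which is the address used in the post.

```python
import socket
import struct

ICMP_ERRORS = {3, 11, 12}  # destination unreachable, time exceeded, parameter problem

def embedded_tuple(icmp: bytes):
    """Return (proto, src, sport, dst, dport) quoted in an ICMP error, else None."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] not in ICMP_ERRORS:
        return None
    inner = icmp[8:]  # quoted IPv4 header followed by the first 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (inner[9], socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def classify(icmp: bytes, flows: set) -> str:
    """Simplified verdict: RELATED only if the quoted packet is a tracked flow."""
    return "RELATED" if embedded_tuple(icmp) in flows else "INVALID"

def sample_time_exceeded(src, sport, dst, dport) -> bytes:
    """Constructed parser input: ICMP type 11 quoting a UDP datagram, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp

# Constructed flow tables for the two NAT devices in the scenario.
SERVER_FLOW = (17, "198.51.100.7", 40000, "3.3.3.3", 33434)
SERVER_NAT_FLOWS = {SERVER_FLOW}  # the server's periodic UDP packet
CLIENT_NAT_FLOWS = {(6, "203.0.113.9", 51000, "192.0.2.80", 443)}  # unrelated traffic
MESSAGE = sample_time_exceeded("198.51.100.7", 40000, "3.3.3.3", 33434)

if __name__ == "__main__":
    print("server-side NAT:", classify(MESSAGE, SERVER_NAT_FLOWS))
    print("client-side NAT:", classify(MESSAGE, CLIENT_NAT_FLOWS))
```

The same message is RELATED at the NAT that tracked the quoted UDP flow and INVALID at a NAT that never saw it, which is the asymmetry the post describes.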

  • @Francisco said:
    Well thank you @valdikss, you've now given Ecatel an excuse to use on the forums.

    Francisco

    What? Ecatel hasn't allowed IP spoofing for MANY years now because people were abusing it; they disabled spoofing on all of their range, and their latency from international carriers is one of the best you can find.

  • Was ColoCrossing allowing it a while back?

  • jh_aurologic Member, Patron Provider
    edited April 2017

    @William said:
    Telia for example, all Chinese carriers, NTT. Cogent/Level3 probably not.

    This is especially the case if the IP you spoof is a directly peered customer of them, so they automatically know this isn't right.

    Cogent does not block spoofing? haha, good joke, most of the spoofed typical booter attacks are coming from Cogent ;-)

  • William Member
    edited April 2017

    Kabeldamagement said: Cogent does not block spoofing? haha, good joke, most of the spoofed typical booter attacks are coming from Cogent ;-)

    hm? As I said, Cogent does not block spoofing, I did not say they do. Learn to read English.

  • jh_aurologic Member, Patron Provider

    @William said:

    Kabeldamagement said: Cogent does not block spoofing? haha, good joke, most of the spoofed typical booter attacks are coming from Cogent ;-)

    hm? As I said, Cogent does not block spoofing, I did not say they do. Learn to read English.

    Well, "flying" over a text and reading the wrong ones does not mean that I don't understand English ;-)

  • randvegeta Member, Host Rep

    Kabeldamagement said: Well, "flying" over a text and reading the wrong ones does not mean that I don't understand English ;-)

    I suppose then that only leaves learning to read. If you 'fly over text', that's not exactly reading ;-).

  • jh_aurologic Member, Patron Provider

    Sure ;-)

  • Bought a server from @randvegeta. Thanks.

  • Clouvider Member, Patron Provider

    @randvegeta said:
    Can I also block port 123?

    If so, then I can do it for $7 in Lithuania. Which OS do you need?

    and 27015

    and all sort of funny ports people use to reflect from these days.

  • randvegeta Member, Host Rep

    Clouvider said: and 27015

    and all sort of funny ports people use to reflect from these days.

    Well the main ones are DNS and NTP but indeed, there are a bunch of other odd ports. If they can all be blocked then it should mitigate much of the risk. Not to mention the requested only 100GB /m in data transfer, suggesting an average of just 0.15-0.30Mbit.
