Is it possible to spoof an IP address to an exact number?

  • The title says it all really. Say my IP address was 1.2.3.4 and I wanted to change or 'spoof' it so that its exactly 2.3.4.5, would this be possible or are there too many varying factors that need to be taken into account before getting a definitive answer?

    Why you might ask?

    Well I was in a store the other day and they had iPads around the room setup so that they were showing the store's online website. I went over and looked at one and noticed that what was showing on their in-store iPads was different to what I would see by simply connecting to their site via my phone (and yes, they were both the exact same link using the same exact browser, Safari).

    This lead me to think that the only way they're able to do this is by either having the site detect the device's IP address and show specific (or exclusive) content on their homepage based on that, or by having the site detect that the device is using the stores WiFi (although I doubt this is possible, hence why I thought the IP route was more plausible).

    So I was curious whether it'd be possible to spoof my device's IP to that of the stores' exact IP so that my device showed exactly what theirs did in regards to their website.

    Feel free to discuss this, I know this is very very specific and with minimal details known, so I doubt there's a definitive solution...

    No, that's not how they're doing it. The in-store iPads are pointing at a Apple controlled DNS server that is providing a different address for the site than the one that is available to the public Internet. It may not ever be a routable address. Best Buy got in trouble for this years ago because they were using it to display higher prices in-store than on the public Internet version of the website.

    @Xander I see, and is there any way to change my wifi's DNS server on my iPhone to the same one they use instore if I manage to find out theirs? Or would that not work - do I need to be connected to their store wifi (which in turns provides the DNS needed server)

    Probably not. It's a network configuration setting and if you can't join to the network they're on (you probably won't be able to) you probably won't be able to access the DNS servers they're using either.

    To add to the excellent answers, I believe the root of your confusion is based on you misunderstanding what the term "ip spoofing" actually means - it does NOT mean you can use a different IP. It merely refers to making packets you send LOOK LIKE they are coming from a different IP. But it's like sending letters with a fake return address - ip spoofing will not allow you to RECEIVE any content in response. So even if you were to perfectly spoof a store IP address, it would do you no good in this scenario.

    "This lead me to think that the only way they're able to do this..."? Nope, they could also have a special "display device login page" that you don't know about, which puts a cookie on the device and allows other pages on the site to display different data for "logged-in" devices...

    "is there any way to change my wifi's DNS server on my iPhone to the same one they use instore if I manage to find out theirs?" probably both their DNS and their website are filtered to only internal (instore) IP traffic at firewall level. You should a) connect to the instore wifi. b) sniff DNS traffic c) visit the internal website.

    You can also "spoof" your street address by writing a wrong return address on a letter. But you will not receive the reply.

  • ThoriumBR

    ThoriumBR Correct answer

    2 years ago

    You can change your IP to whatever you want; that's trivial. But that will not work the way you want to.

    Let's say the store's ISP is Apple Networks, and their IP range is 1.2.3.0 to 1.2.3.255. You note that and get home. Your home network is from Avocado Networks, and their IP range is 2.3.4.5. You change your IP to 1.2.3.123 and wait. Nothing happens. You cannot access any site. You are offline.

    But why?

    Routing.

    Avocado Network tells the entire world they own the network 2.3.4.0, so when people want to reach anyone on that range, they send the packet to Avocado routers. They don't send any 1.2.3.0 packets to them, they send to Apple Networks routers as they are the ones advertising to the entire world their IP range. So your computer sits there, waiting for anything to come, and nothing happens.

    If Avocado Networks employs Egress Filtering, your packets don't even leave their network. Their routers will say this is a packet coming from my network, but it says it's from Apple Networks' address space; it must be an error, so I will drop the package.

    If they and nobody along the path uses Egress Filtering, your request for connection will reach pineapple.com, the site will respond as usual, but the response will be sent to Apple Networks routers, not Avocado networks. And either there will be nobody with 1.2.3.123 IP address to answer and the packet gets forgotten, or there will be an 1.2.3.123 there, and they will say sorry, I never heard from this connection before. Forget it. and that's that.

    To achieve what you want, you must connect a system to the store network, make it work as a proxy, and forward packets from your home to that system, and then that system will access pineapple.com site on your behalf and send you the response.

    So, would it be bad if someone pretended to be you? (E.g. a DDOS attack through many responses) or is that a non-issue in practice?

    @DennisJaheruddin when getting hit by a DDOS, I don't think anyone believes the source IP to be accurate, so it shouldn't harm you, the real IP holder. That said, with some protocols it can be used to attack you indirectly: the attacker sends a packet saying "I'm 1.2.3.123, what's the answer to foo?" to some DNS server, which then sends the reply to 1.2.3.123. If that reply is bigger than the original request, it's called an amplification attack, since the victim will get hit with more traffic than the attacker can send, thanks to the DNS server inadvertently helping them.

    It might be useful to note that BGP hijacking does allow you to spoof your IP for a fraction of the greater internet. Of course, BGP hijacking is a little more complex than running a few `ifconfig` commands, and it will get you in heaps of trouble, especially if you succeed...

    @forest: *In principle*, BGP hijacking should not be possible unless you are a nation-state actor, an ISP, or your ISP is incompetent. Unfortunately, the latter is depressingly common. In fact, a lot of BGP "hijacking" incidents aren't even deliberate, they're just "ISP A accidentally sent a ridiculous BGP route to ISP B, and then ISP B believed them even though the data was obviously bad."

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM