GCP doesn't allow packets with a spoofed IP address - why?


I have a problem: I want to send a packet I generated myself to my VM instance on GCP. I'm using the following code with a spoofed source address:

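import time
from scapy.all import IP, UDP, DNS, DNSQR, RandShort, send

# DNS query for google.com over UDP, with the source address set by hand
packet = IP(src="77.7.7.7", dst="MY-VM-IP")/UDP(sport=RandShort(), dport=53)/DNS(rd=1,qd=DNSQR(qname="google.com"))

# Send one packet per second
while True:
  send(packet)
  time.sleep(1)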

However, when I don't change the source IP, I can see my packet with tcpdump on my VM. How can I make it work? I have IP forwarding enabled on my VM and the FW set to allow.

There are 1 answers

Kostikas Visnia On

According to the documentation [1], it is possible as long as the VM that sends the packet has IP forwarding set to ON.

You also need to make sure that the VM that is receiving the traffic has an Ingress FW rule that allows that.

I just tested the following and it worked:

  • Created a VM, A1, with an allow-everything-from-everywhere FW rule.
  • Created another VM, B1, with IP forwarding enabled.
  • Ran the code above to generate and send a packet from B1 to A1.
  • I could see the packet arriving on A1 with tcpdump.
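
An added example, not part of the original answer: a small audit of the two settings the answer relies on, flagging VMs with `canIpForward` enabled and enabled ingress rules open to every source address. The JSON below is constructed sample data shaped like the output of `gcloud compute instances list --format=json` and `gcloud compute firewall-rules list --format=json`; all instance and rule names are made up.

```python
import ipaddress
import json

# Constructed sample data (names are hypothetical), shaped like gcloud JSON output.
INSTANCES_JSON = """[
  {"name": "a1", "canIpForward": false},
  {"name": "b1", "canIpForward": true}
]"""
FIREWALLS_JSON = """[
  {"name": "allow-all", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
  {"name": "dns-internal", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["10.128.0.0/9"],
   "allowed": [{"IPProtocol": "udp", "ports": ["53"]}]},
  {"name": "old-open-ssh", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""

def forwarding_instances(instances):
    """Names of VMs with canIpForward enabled, i.e. VMs permitted to send
    packets whose source IP is not one of their own addresses."""
    return sorted(i["name"] for i in instances if i.get("canIpForward"))

def world_open_ingress(firewalls):
    """Enabled ingress allow rules whose source ranges cover the whole
    IPv4 or IPv6 address space (prefix length 0)."""
    hits = []
    for rule in firewalls:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not rule.get("allowed"):  # deny rules carry "denied" instead
            continue
        nets = [ipaddress.ip_network(r, strict=False)
                for r in rule.get("sourceRanges", [])]
        if any(n.prefixlen == 0 for n in nets):
            protos = sorted(a["IPProtocol"] for a in rule["allowed"])
            hits.append((rule["name"], protos))
    return sorted(hits)

def audit(instances_json, firewalls_json):
    return {
        "can_ip_forward": forwarding_instances(json.loads(instances_json)),
        "open_ingress": world_open_ingress(json.loads(firewalls_json)),
    }

if __name__ == "__main__":
    print(json.dumps(audit(INSTANCES_JSON, FIREWALLS_JSON), indent=2))
```
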