IP deauth with spoofed packets possible?


I'm not sure whether this is possible or not. When I plug the power cable into my home router it communicates to my internet provider and I get an IP.

Once I disconnect it from power and reconnect it I get a new IP.

So obviously there has to be some kind of arrangement between my provider and the router that looks like:

router: "hey it's me [credentials], please give me a new IP"

At the moment I have no idea how this exactly works, I guess it is some type of handshake.

Still the question though, could it be possible, once I know the IP of my target, to send a spoofed packet to the provider telling that I want to re-connect and thus dropping the target from the line?

Has anyone some information about that process?

Thanks in advance ;)

Link to comment
Share on other sites

Your router is a DHCP client to the ISP. If it's in bridge mode then your machine is the DHCP client to the ISP. In both cases the ISP assigns you *ONE* IP. It might involve the exchange of credentials, but my ISP as far as I can tell doesn't ask for creds so it figured out via some other means if I should have access to the network. Let's ignore that bit for now.

So you're a new user of the network. You're supposed to have your DHCP client kick in so you get your IP. Once you get that IP and start sending with a different IP, chances are VERY good your packet will get dropped and that alarm bells will ring at the ISP that may result in you losing your network connection until they figure out what happened there.

But what if you didn't kick in your DHCP client and simply start sending packets? Probably the same result - packets dropped, alert to an admin.

You see, you're not trying to trick some home use fiddly hunk of consumer plastic from China. You're actually playing serious pro metal designed to keep you in your seat WHERE YOU BELONG, MAGGOT!

That's not to say that you can't find a way to hack that shit. For sure it's possible. But you'll be required to do that before you can mess with the other users on the network. And there's a high probability that the hardware will signal your nefarious activities which is what your ISP made you sign the AUP for - so they can kill your connection and retain any and all funds you've already provided them with.

Long story short: best not go here.

Link to comment
Share on other sites
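
The drop-and-alert behaviour described in the reply above can be modelled as a per-port binding table learned from DHCP and checked on every packet. This is an added example, not part of the thread and not any ISP's actual implementation: the `AccessEdge` class, port names, MACs and addresses are constructed, and it assumes the access network validates sources against DHCP leases. It goes slightly beyond the post by applying the same binding to a DHCP release.

```python
from dataclasses import dataclass, field

@dataclass
class AccessEdge:
    """Toy access switch: one DHCP-learned binding per subscriber port."""
    bindings: dict = field(default_factory=dict)  # port -> (mac, ip, expiry)
    alerts: list = field(default_factory=list)    # (port, reason, ip)

    def dhcp_ack(self, port, mac, ip, now, lease_seconds):
        # Learned from the DHCP server's ACK seen on this port.
        self.bindings[port] = (mac, ip, now + lease_seconds)

    def dhcp_release(self, port, mac, ip):
        # A release is honoured only on the port that holds the lease.
        if self.bindings.get(port, (None, None, 0))[:2] == (mac, ip):
            del self.bindings[port]
            return True
        self.alerts.append((port, "release-mismatch", ip))
        return False

    def forward(self, port, src_mac, src_ip, now):
        # Data packets pass only if they match the live binding for the port.
        binding = self.bindings.get(port)
        if binding is None:
            self.alerts.append((port, "no-lease", src_ip))
            return False
        mac, ip, expiry = binding
        if now >= expiry:
            del self.bindings[port]
            self.alerts.append((port, "lease-expired", src_ip))
            return False
        if (src_mac, src_ip) != (mac, ip):
            self.alerts.append((port, "source-mismatch", src_ip))
            return False
        return True

def demo():
    # Constructed subscribers using documentation addresses (RFC 5737).
    edge = AccessEdge()
    edge.dhcp_ack("port1", "aa:aa", "203.0.113.10", now=0, lease_seconds=3600)
    edge.dhcp_ack("port2", "bb:bb", "203.0.113.20", now=0, lease_seconds=3600)
    results = [
        edge.forward("port1", "aa:aa", "203.0.113.10", now=10),  # own lease
        edge.forward("port2", "bb:bb", "203.0.113.10", now=10),  # neighbour's IP
        edge.forward("port3", "cc:cc", "203.0.113.30", now=10),  # never ran DHCP
        edge.dhcp_release("port2", "aa:aa", "203.0.113.10"),     # port1's lease
        edge.forward("port1", "aa:aa", "203.0.113.10", now=20),  # still bound
    ]
    return results, [reason for _, reason, _ in edge.alerts]
```
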

The TCP 3-way handshake and a spoofed src-ip...

Hping -s -d -p 80 -a

The router will get a syn packet and then respond to the spoofed src address but the connection never happens...

Predictable sequence numbers: you might probe the target and guess the sequence number so you can inject a TCP drop packet on an already existing TCP connection...

Link to comment
Share on other sites
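
How a receiving TCP stack treats a reset whose sequence number was guessed is defined in RFC 5961, section 3. The check below is an added example, not part of the thread; function names and sample values are constructed. It compares that rule with the older accept-anything-in-window behaviour to show the odds of a single blind guess.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap modulo 2**32

def classify_rst(seg_seq, rcv_nxt, rcv_wnd):
    """Receiver-side decision for an incoming RST under RFC 5961 section 3."""
    offset = (seg_seq - rcv_nxt) % MOD   # distance past the next expected byte
    if offset == 0:
        return "reset"            # exact match: the connection is torn down
    if offset < rcv_wnd:
        return "challenge-ack"    # in window, not exact: ACK goes to the real peer
    return "discard"              # outside the receive window: silently ignored

def blind_guess_odds(rcv_wnd, rfc5961=True):
    """Chance that one RST with a uniformly random sequence number resets.

    Without RFC 5961 any in-window value is accepted; with it, only one is.
    Assumes the guesser already knows both addresses and both ports.
    """
    acceptable = 1 if rfc5961 else rcv_wnd
    return acceptable / MOD

def demo():
    # Constructed receiver state close to the wrap-around point.
    rcv_nxt, rcv_wnd = 0xFFFFFFF0, 65535
    guesses = [0xFFFFFFF0, 0x00000010, 0x7FFFFFFF, 0xFFFFFFEF]
    return [classify_rst(g, rcv_nxt, rcv_wnd) for g in guesses]
```

A stack that answers in-window guesses with a challenge ACK also gives defenders a signal: a burst of challenge ACKs on one connection indicates someone is probing its sequence space.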

Of course this idea is just some theoretical play-around. I'm not intending to test it, because as you said ... there are some bigger players involved here.

My router (fritzbox) requires some credential information to establish the internet connection. I don't know yet if there is some authentication process with the provider. Maybe there is a way to include a MITM with wireshark between the router and my provider to see what actually is going on. It totally makes sense that the provider basically acts as a DHCP server and my router as a client. So the user gets connected and the provider is the gateway for other nets.

Okay, how does the provider know that a packet is coming from a specific router/user? - probably by its assigned IP address.

I would agree that probably any other packets arriving at the provider and not having a 'kind of registered' IP address will be dropped.

However, if there is some process of association and dissociation of the router to the provider it should be possible - assuming you are physically in the same network - to spoof a packet coming from the router telling the DNS server "hey, I'm out!".

If it is a challenge response system it probably is not possible to spoof anything here successfully (at least without being a MITM).

I was just wondering if I'm in the same network (again - theoretically) I have a chance to kick someone out.

Maybe I'll try to catch some traffic of the association process and see what kind of magic is going on.

Yes, the TCP handshake of course would fail in the situation with a spoofed IP. Sending TCP connection drops with randomly guessed sequence numbers ... yeah, sounds a bit like the wheel of fortune.

Thanks for the input so far ;)

Link to comment
Share on other sites
