Is IP Spoofing Possible in Windows Desktop with User Privileges?
I read on WinSockAPI that IP spoofing is disabled for Desktop windows devices (non-servers like Windows 7, etc). However, I’ve been able to do IP spoofing using nmap, so clearly this is possible. However, nmap requires admin privileges. Is it possible to send spoof packets as a user?
With nmap, I did see the error, but it sent the packets anyways.
NSOCK ERROR [1.4590s] mksock_bind_addr(): Bind to [spoofed IP]:0 failed (IOD #5): The requested address is not valid in its context. (10049)
Answer
Mostly no. IP spoofing was disabled in XP and is still available on some server versions.
Limitations on Raw Sockets:
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
These above restrictions do not apply to Windows Server 2008 R2, Windows Server 2008 , Windows Server 2003, or to versions of the operating system earlier than Windows XP with SP2.
Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx