How would the spoofing program, or its user, be able to tell if it was successful? Unless I'm very confused, the definition of spoofing is that the return packets aren't going to come back to you.
the whole thing would have to take place during a tcp control session which used d-h to scramble itself, sort of the same way ssh does.
Diffie-Hellmann is a bit overkill. It's simpler to have the client open a TCP connection to the server, retrieve a token which is just some reasonable number of random bits like 64, then send the token back in a set of UDP packets using spoofed addresses, then pause for a second or two and ask the server (through the TCP connection) whether it saw the spoofed packets. Three UDP packets should be enough to eliminate most packet loss scenarios and the spoofed address could be chosen by munging the first octet to a number from 44 to 54. That's enough for the server to collect stats and to provide a status report to the client. If the client is behind a NAT, and the spoofed source address doesn't get through, then that's OK because it means that no application in that same location behind the NAT can use spoofed addresses. --Michael Dillon