ip spoofing (httpd)

To: debian-security-ml <debian-security@lists.debian.org>
Subject: ip spoofing (httpd)
From: Clemens Hermann <haribeau@gmx.de>
Date: Tue, 10 Apr 2001 20:29:10 +0200
Message-id: <20010410202910.A3192@ramses.local>

Hi,

today I had a discussion with somebody about the possibility of
ip-spoofing that affects the apache. In particular we were talking about
a cgi-script he implemented. The script is sort of an
online-voting-system. To avoid that someone clicks several
times he uses the source-IP and each IP has only got one vote.
IMHO it should be quite easy to bypass this sort of "security" because
the script evaluates a http-request (vote coded in the URL).
Can anyone give me a code-example that does exactly this?

tia

/ch

Reply to:

Follow-Ups:
- Re: ip spoofing (httpd)
  - From: mafkees <mafkees@maffie.nl>
- Re: ip spoofing (httpd)
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: Re: IPChains help
Next by Date: Re: ip spoofing (httpd)
Previous by thread: Re: IPChains help
Next by thread: Re: ip spoofing (httpd)
Index(es):
- Date
- Thread