Re: ip spoofing (httpd)

To: debian-security@lists.debian.org
Subject: Re: ip spoofing (httpd)
From: mafkees <mafkees@maffie.nl>
Date: Tue, 10 Apr 2001 18:55:08 +0200
Message-id: <20010410185508.A16372@maffie.nl>
In-reply-to: <20010410202910.A3192@ramses.local>; from haribeau@gmx.de on Tue, Apr 10, 2001 at 08:29:10PM +0200
References: <20010410202910.A3192@ramses.local>

On Tue, Apr 10, 2001 at 08:29:10PM +0200, Clemens Hermann wrote:
> Hi,
> 
> today I had a discussion with somebody about the possibility of
> ip-spoofing that affects the apache. In particular we were talking about
> a cgi-script he implemented. The script is sort of an
> online-voting-system. To avoid that someone clicks several
> times he uses the source-IP and each IP has only got one vote.
> IMHO it should be quite easy to bypass this sort of "security" because
> the script evaluates a http-request (vote coded in the URL).
> Can anyone give me a code-example that does exactly this?
> 
> tia
> 
> /ch
> 
>
You could of course use a public proxy, vote, switch proxy, vote again, etc. etc.

On the net are lots of pages with public proxy server addresses.
In your browser you can configure wich proxy to use.
Be aware that some proxys may be quite slow.

Michiel van Baak
http://www.maffie.nl

--
There are 2 major products that came out of Berkeley:
UNIX and LSD.
We don't believe this to be a coincidence.
 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: ip spoofing (httpd)
  - From: "Dan Rowles" <daniel.rowles@weboutcome.com>
- Re: ip spoofing (httpd)
  - From: Rishi L Khan <rishi@UDel.Edu>

References:
- ip spoofing (httpd)
  - From: Clemens Hermann <haribeau@gmx.de>

Prev by Date: ip spoofing (httpd)
Next by Date: Re: ip spoofing (httpd)
Previous by thread: ip spoofing (httpd)
Next by thread: Re: ip spoofing (httpd)
Index(es):
- Date
- Thread