[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ip spoofing (httpd)

On Tue, Apr 10, 2001 at 08:29:10PM +0200, Clemens Hermann wrote:
> Hi,
> today I had a discussion with somebody about the possibility of
> ip-spoofing that affects the apache. In particular we were talking about
> a cgi-script he implemented. The script is sort of an
> online-voting-system. To avoid that someone clicks several
> times he uses the source-IP and each IP has only got one vote.
> IMHO it should be quite easy to bypass this sort of "security" because
> the script evaluates a http-request (vote coded in the URL).
> Can anyone give me a code-example that does exactly this?
> tia
> /ch
You could of course use a public proxy, vote, switch proxy, vote again, etc. etc.

On the net are lots of pages with public proxy server addresses.
In your browser you can configure wich proxy to use.
Be aware that some proxys may be quite slow.

Michiel van Baak

There are 2 major products that came out of Berkeley:
We don't believe this to be a coincidence.
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: