[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ip spoofing (httpd)

On Tue, Apr 10, 2001 at 08:29:10PM +0200, Clemens Hermann wrote:
> Hi,
> today I had a discussion with somebody about the possibility of
> ip-spoofing that affects the apache. In particular we were talking about
> a cgi-script he implemented. The script is sort of an
> online-voting-system. To avoid that someone clicks several
> times he uses the source-IP and each IP has only got one vote.
> IMHO it should be quite easy to bypass this sort of "security" because
> the script evaluates a http-request (vote coded in the URL).
> Can anyone give me a code-example that does exactly this?
  Spoofing TCP is hard, because you have to guess the initial sequence
number.  (If it's not generated very randomly, then it's not hard.  See
output of nmap.)  A way to make multiple votes would be to use FTP bounce
attacks, since then you could have a TCP connection coming from any FTP
server you could bounce from.  Or, you could make a few votes using your own
IP and your ISP's web proxy (assuming they run one).

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: