
Re: ip spoofing (httpd)



Does his script parse the HTTP headers, or look at the originating IP? If
he parses the headers, then you can spoof that with telnet. If he uses the
originating IP, then a proxy is the only easy way.

		-rishi

On Tue, 10 Apr 2001, mafkees wrote:

> On Tue, Apr 10, 2001 at 08:29:10PM +0200, Clemens Hermann wrote:
> > Hi,
> >
> > today I had a discussion with somebody about the possibility of
> > ip-spoofing that affects the apache. In particular we were talking about
> > a cgi-script he implemented. The script is sort of an
> > online-voting-system. To avoid that someone clicks several
> > times he uses the source-IP and each IP has only got one vote.
> > IMHO it should be quite easy to bypass this sort of "security" because
> > the script evaluates a http-request (vote coded in the URL).
> > Can anyone give me a code-example that does exactly this?
> >
> > tia
> >
> > /ch
> >
> >
> You could of course use a public proxy, vote, switch proxy, vote again, etc. etc.
>
> On the net are lots of pages with public proxy server addresses.
> In your browser you can configure which proxy to use.
> Be aware that some proxies may be quite slow.
>
> Michiel van Baak
> http://www.maffie.nl
>
> --
> There are 2 major products that came out of Berkeley:
> UNIX and LSD.
> We don't believe this to be a coincidence.
>
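
Added example, not part of the original thread and not the voting script under discussion: a sketch of the distinction raised in the reply above, where the vote is keyed on the CGI variable REMOTE_ADDR and a forwarded-for header is honoured only when the connection comes from a known reverse proxy. The proxy address, the `voter_ip` and `Ballot` names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the one reverse proxy allowed to report client addresses (constructed).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def voter_ip(environ):
    """Pick the address a vote is counted against, from a CGI environment dict."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])  # TCP peer, set by the server
    if peer not in TRUSTED_PROXIES:
        # Direct connection: any X-Forwarded-For value was written by the client.
        return peer
    hops = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    # Walk right to left: the right-most entry is the one our own proxy appended.
    for hop in reversed([h.strip() for h in hops if h.strip()]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: fall back to the socket peer
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer


class Ballot:
    """One vote per address, keyed on voter_ip()."""

    def __init__(self):
        self.seen = set()
        self.tally = {}

    def cast(self, environ, choice):
        ip = voter_ip(environ)
        if ip in self.seen:
            return False  # this address already voted
        self.seen.add(ip)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        return True


if __name__ == "__main__":
    ballot = Ballot()
    # Constructed requests: same peer, different client-supplied header values.
    for forged in ("198.51.100.1", "198.51.100.2"):
        env = {"REMOTE_ADDR": "203.0.113.5", "HTTP_X_FORWARDED_FOR": forged}
        print(forged, ballot.cast(env, "a"))
```

REMOTE_ADDR identifies only the last hop, so requests that arrive through different proxies still count as different voters; one vote per IP remains a weak control for the reason given in the replies above.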


