Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Update: I just re-read what jepri said and realized that I was wrong in my initial response. He is correct that a spoofed IP address will prevent a TCP connection from being established, since the origin application will need to use the TCP sequence number from the destination server's SYN-ACK packet to completely establish the connection. The stuff I said only applies to connectionless IP protocols, not those with connections like TCP. Sorry. I have removed the original contents of this node to avoid misleading anyone.

A TCP connection can only be spoofed if the TCP sequnce number returned by the server can be predicted. If it can, then an attacker with the ability to spoof IP addresses can just send all the packets for the HTTP request without requiring the acknowledging packets from the server. This is referred to as "Blind TCP Spoofing". This article provides a decent overview.


In reply to Re: Re: Re: is IP# in $ENV{REMOTE_ADDR} spoofable? by mdillon
in thread is IP# in $ENV{REMOTE_ADDR} spoofable? by mandog

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (4)
As of 2024-03-29 09:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found