On Wed, Mar 14, 2012 at 16:28, Nadav Har'El <n...@math.technion.ac.il> wrote:
> On Wed, Mar 14, 2012, ik wrote about "HTTP IP spoofing detection":
>> Hello,
>>
>> I'm trying to detect a layer 7 based HTTP request, and see if it
>> contains headers that are provided as a spoofed IP address.
>> Is there a way to detect what is the Ethernet that the request arrived
>> from at Apache level?
>
> Generally, endpoints on the Internet will have a hard time spoofing
> their IP address on connection-oriented protocols (like TCP-based HTTP
> is) because while sending a packet with a false "source IP" is easy,
> it's much more difficult to get back replies, when the victim sends them
> to the falsified IP address, which routers across the internet won't
> route to the attacker.
>
> TCP in particular protects against "blind" connection setup (where the
> attacker cannot see replies) through its three-way handshake:
> The attacker can send a SYN packet with a false source address,
> and the server will reply to this false address with a SYN-ACK.
> This server reply contains a server-chosen random initial sequence number.
> The attacker will never receive this packet, so he'll not be able to
> respond to it with its own ACK, as needed, and the connection will
> NOT be established.
>
> Anyway, if you really need to authenticate remote machines,
> you should probably not do this based on their IP address, and rely on
> more secure methods (e.g., SSL). Or at least don't allow the first packet
> (an HTTP request) to do any damage.

Thank you, and everyone else for the answers.
It seems like I'm overthinking this issue. I'll try to work on layer 3 instead.

>
> --
> Nadav Har'El                        | Wednesday, Mar 14 2012,
> n...@math.technion.ac.il            |-----------------------------------------
> Phone +972-523-790466, ICQ 13349191 |A smart man always covers his ass. A wise
> http://nadav.harel.org.il           |man just keeps his pants on.

Ido
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
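
The point made in the thread, that the TCP source address of an established connection is hard to forge while anything inside the HTTP request is not, as an added example that is not part of the original messages. It assumes the header in question is X-Forwarded-For and that the trusted proxy range, the function names and the flag strings are hypothetical; all addresses are constructed from documentation ranges.

```python
import ipaddress

# Assumption: only our own reverse proxies may vouch for a client address.
# The range is constructed (documentation block), not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, headers):
    """Return (ip, flags): the address to act on and why header data was ignored.

    peer_ip is the TCP source address of the connection; it completed the
    three-way handshake. X-Forwarded-For is plain request data, so it is
    believed only hop by hop, starting from a trusted proxy.
    Header names are assumed to be normalized to this exact spelling.
    """
    flags = []
    current = ipaddress.ip_address(peer_ip)
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]

    # A direct client has no business supplying the header: ignore and flag it.
    if hops and not _is_trusted(current):
        flags.append("xff-from-untrusted-peer")
        return str(current), flags

    # Walk right to left: each trusted proxy appended the address it saw.
    for i in range(len(hops) - 1, -1, -1):
        try:
            current = ipaddress.ip_address(hops[i])
        except ValueError:
            flags.append("xff-malformed")  # keep the last verified address
            break
        if not _is_trusted(current):
            # First untrusted hop is the real client; entries further left
            # were supplied by that client and cannot be verified.
            if i > 0:
                flags.append("xff-unverified-entries")
            break
    return str(current), flags
```
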