From: Ben Dunlap

>> You might try to use the reported IP of the submitter, again unique,
>> that can be forged -- so again anyone can vote more than once.
> Can you say more about forging the reported IP? I've always been under
> the impression that forging the source IP in a TCP session is a pretty
> sophisticated operation, but maybe I'm mistaken about that.

Forging IP addresses is actually quite simple. VMs do it all the time
when bridged to the real NIC. There are also some projects on Source
Forge designed to load test HTTP servers that do similar things. I have
an application I wrote for testing that can emulate an entire class B
subnet full of computers. All it takes is a little digging around on
Google, a FreeBSD system installed in a VM and a little knowledge of the
local network topology. In my case I have several blocks of addresses
allocated by the local administrator for this test bed.

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to