From: Ben Dunlap >> You might try to use the reported IP of the submitter, again unique, but >> that can be forged -- so again anyone can vote more than once. > > Can you say more about forging the reported IP? I've always been under > the impression that forging the source IP in a TCP session is a pretty > sophisticated operation, but maybe I'm mistaken about that.
Forging IP addresses is actually quite simple. VMs do it all the time when bridged to the real NIC. There are also some projects on Source Forge designed to load test HTTP servers that do similar things. I have an application I wrote for testing that can emulate an entire class B subnet full of computers. All it takes is a little digging around on Google, a FreeBSD system installed in a VM and a little knowledge of the local network topology. In my case I have several blocks of addresses allocated by the local administrator for this test bed. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
