On 6/16/07, william(at)elan.net <william@xxxxxxxx> wrote:
On Sat, 16 Jun 2007, PHP Developer wrote: > I wanna know that is there a way to forge someone's IP address? for > example, I have a client with an static ip address, and she is a > superuser. Can i rely on her IP address? or somebody else can forge her > IP? I don't want her to enter a username and a password.. For purposes of above question only (and assuming application is PHP and thus running on HTTP which is TCP-based protocol) the answer is that you can rely on the ip address. For general purposes the answer is you can forge ip address and can not rely on them (due to NAT and other issues) but its very very not easy and a lot depends on protocol in question. -- William Leibzon Elan Networks william@xxxxxxxx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
If it's something very mission-critical and/or top secret, NEVER strictly rely on the IP. In fact, IP spoofing is one of the very basic fundamentals in "hackology" and is not only rather easy to do, but also rather common. I'd suggest doing a hash of the system (similar to what the default SSH client on Linux does) and using that, which is a lot more difficult to duplicate. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
