homepage Welcome to WebmasterWorld Guest from 54.198.140.148
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Cgi Remote addr
Can this be spoofed?
Dabrowski




msg:3812993
 8:36 pm on Dec 22, 2008 (gmt 0)

ok, we all know the REMOTE_ADDR variable, the IP of the client computer.

Is there any way at all this can lie? Client end routers/firewalls excepted, is there any way an attacker can fake his reported IP?

 

IanKelley




msg:3813135
 2:41 am on Dec 23, 2008 (gmt 0)

Not without internal access at the ISP, or a major hub in between... Not easy. Considering how simple it is to just use a proxy the chances of seeing a spoofed IP are basically zero.

janharders




msg:3813239
 8:27 am on Dec 23, 2008 (gmt 0)

yeah, unless you count a proxy as "faked", it's pretty safe to be real.
Allthough, I'm really not into this technical stuff, but I always thought that most cgi-scripts are kind of vulnerable in that way because of http's statelessness, i.e. you could spoof a request from a certain IP and have a script executed. You wouldn't get the output, of course, but the script would run and get the spoofed IP as the client.
As I said, I don't really know if that's true, I just got the impression from reading a little into the whole thing - anyone care to clear that up?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved