How much effort does it take to spoof an Ip Address in a call to a webservice?

Posted by Rory Becker on Stack Overflow See other posts from Stack Overflow or by Rory Becker
Published on 2008-10-22T15:32:47Z Indexed on 2010/04/26 22:33 UTC
Read the original article Hit count: 247

Filed under:

spoof

|

security

|

ip-address

|

web-services

I don't want to know how... Just how complicated....

I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure?

Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer?

Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed.

Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

© Stack Overflow or respective owner

Related posts about spoof

Spoof Mac Address from ip command.

as seen on Super User - Search for 'Super User'
I'm trying to spoof my Mac Address on a modified version of linux (Android). The main problem is that because it has been stripped down, the ifconfig command has been stripped out, and I only can use the 'ip' busybox command. I've been trying to use ip link set address xx:xx:xx:xx:xx:xx dev tiwlan0 but… >>> More
Spoof user agent for GoGo Inflight Internet?

as seen on Super User - Search for 'Super User'
Is it possible to trick the GoGo Inflight WiFi on airlines into thinking that you have a mobile device instead of a laptop? It seems like most airlines that offer in flight wireless these days use GoGo. They offer different pricing for mobile and laptops. It seems like they are checking the browser's… >>> More
How can I spoof a jndi lookup for a datasource without a app server

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to test some new functionality which is part of an internal web app. This new code uses a database connection normally provided by an app server (tomcat). I do not want to recreate the entire web app on my local machine to test the new code, since I only need to run one function. Does anyone… >>> More
Spoof referrer to Google Analytics?

as seen on Stack Overflow - Search for 'Stack Overflow'
Whenever a user visits "Page A" on my site, I immediately redirect him to "Page B" by setting window.location with Javascript. "Page A" has no Google Analytics tracking on it -- when someone is redirected from "Page A" to "Page B" I want to track him as if he entered the site via "Page B". Unfortunately… >>> More
spoof mac address

as seen on Stack Overflow - Search for 'Stack Overflow'
// macaddress.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include <windows.h> #include <iostream> using namespace std; void readregistry(); void spoofmac(); void main(int argc, char* argv[]) { readregistry(); spoofmac(); } void spoofmac() { … >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More