PHWinfo - Afficher un message

22/01/2008, 01h52

Jerry Stuckle wrote:

> The Natural Philosopher wrote:
>> Jonas Werres wrote:
>>>> Nothing at all to do with PHP.
>>>
>>> I think you did not understand what I wrote.
>>>
>>> The OP asked if one can spoof the IP address while requesting a
>>> document. Jerry says (correctly) that it would not be possible to get
>>> the answer. That might imply that is IS possible to make a request, but
>>> the answer goes nowhere. That would be enough if the purpose of the
>>> request was e.g. to delete a database by SQL injection. The answer is
>>> unimportant.
>>>
>>> What I said was that I think it is not even possible to make a request
>>> (regardless where the answer would go), because that would require a
>>> connection which cannot be established with a spoofed IP.
>>
>>
>> A request implies an open TCP connection, which implies that a session
>> has been set up.
>>
>
> Not the way TCP/IP works. You can send up to 7 packets before an ACK is
> required by the sender. This is all done by the transport layer, and
> the web server has no idea what's going on.
>
> In that 7 packets you can get several pieces of information. It will go
> to the web server and be processed.
>
> The web server doesn't reply until it gets the HTTP request - which can
> be much later.
>
> If the web server's TCP/IP doesn't get the packet, obviously the ACK
> won't be returned. So after a timeout period, the sender's TCP/IP
> resends it (if, instead, the ACK got lost on the return, it is the web
> server's TCP/IP which sorts it out).

I am missing something....What are you trying to say here?

TCP/IP from a proper stack (non microsoft) requires

Client --- Host
SYN -->
<-- SYN+ACK
ACK -->

to open a connection.

Now data can be exchanged.
Then the 7 packet rule comes into play, you must establish a "connection"
first.

This link may :

http://www.linuxsecurity.com/resourc...-security.html

[putolin]

--
Dancin in the ruins tonight
Tayo'y Mga Pinoy

22/01/2008, 01h52	#11
Baho Utot Messages: n/a Hébergeur:	Re: IP Spoofing Jerry Stuckle wrote: > The Natural Philosopher wrote: >> Jonas Werres wrote: >>>> Nothing at all to do with PHP. >>> >>> I think you did not understand what I wrote. >>> >>> The OP asked if one can spoof the IP address while requesting a >>> document. Jerry says (correctly) that it would not be possible to get >>> the answer. That might imply that is IS possible to make a request, but >>> the answer goes nowhere. That would be enough if the purpose of the >>> request was e.g. to delete a database by SQL injection. The answer is >>> unimportant. >>> >>> What I said was that I think it is not even possible to make a request >>> (regardless where the answer would go), because that would require a >>> connection which cannot be established with a spoofed IP. >> >> >> A request implies an open TCP connection, which implies that a session >> has been set up. >> > > Not the way TCP/IP works. You can send up to 7 packets before an ACK is > required by the sender. This is all done by the transport layer, and > the web server has no idea what's going on. > > In that 7 packets you can get several pieces of information. It will go > to the web server and be processed. > > The web server doesn't reply until it gets the HTTP request - which can > be much later. > > If the web server's TCP/IP doesn't get the packet, obviously the ACK > won't be returned. So after a timeout period, the sender's TCP/IP > resends it (if, instead, the ACK got lost on the return, it is the web > server's TCP/IP which sorts it out). I am missing something....What are you trying to say here? TCP/IP from a proper stack (non microsoft) requires Client --- Host SYN --> <-- SYN+ACK ACK --> to open a connection. Now data can be exchanged. Then the 7 packet rule comes into play, you must establish a "connection" first. This link may : http://www.linuxsecurity.com/resourc...-security.html [putolin] -- Dancin in the ruins tonight Tayo'y Mga Pinoy