HTTP IP spoofing detection
shimi
linux-il at shimi.net
Wed Mar 14 13:30:36 IST 2012
On Wed, Mar 14, 2012 at 1:23 PM, ik <idokan at gmail.com> wrote:
> Hello,
>
> I'm trying to detect a layer 7 based HTTP request, and see if it
> contains headers that provide a spoofed IP address.
> Is there a way to detect what is the Ethernet that the request arrived
> from at the Apache level?
>
> If so, how can I provide rules for what to do according to HTTP header
> fields?
>
>
You could look at the ARP cache by reading /proc/net/arp I guess.
You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed', right?
If your LAN is insecure, secure your LAN. Don't run web applications on
unsecure networks...
-- Shimi
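
An added example, not part of the original thread: a sketch of the /proc/net/arp lookup suggested above, used to classify a request by its TCP peer rather than by an IP-bearing header. The `X-Forwarded-For` header name, the `trusted_proxies` allow-list, the function names and the sample table are assumptions made for illustration; as the reply notes, a MAC match is only a hint because MACs can be spoofed too.

```python
import ipaddress

# Constructed sample in the /proc/net/arp layout (addresses are made up).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.10       0x1         0x2         02:00:00:aa:bb:01     *        eth0
192.0.2.20       0x1         0x0         00:00:00:00:00:00     *        eth0
198.51.100.5     0x1         0x2         02:00:00:aa:bb:02     *        eth1
"""

ATF_COM = 0x02  # kernel flag: entry is complete (MAC has been resolved)


def parse_arp(text):
    """Return {ip: (mac, device)} for complete entries only."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, dev = fields
        if int(flags, 16) & ATF_COM:
            table[ip] = (mac.lower(), dev)
    return table


def check_request(peer_ip, headers, arp_table, trusted_proxies):
    """Classify a request by its TCP peer address, not by what its headers claim.

    trusted_proxies is a hypothetical allow-list: {ip: (mac, device)}.
    """
    ipaddress.ip_address(peer_ip)               # raises ValueError on junk input
    claimed = headers.get("X-Forwarded-For")    # assumed header name
    entry = arp_table.get(peer_ip)              # None: off-link peer or unresolved
    if claimed is None:
        return "direct"
    if peer_ip not in trusted_proxies:
        return "untrusted-forwarded-header"     # header set by a non-proxy peer
    if entry != trusted_proxies[peer_ip]:
        return "proxy-l2-mismatch"              # MAC/interface differs from allow-list
    return "trusted-proxy"


def load_arp(path="/proc/net/arp"):
    """Read the live ARP cache on a Linux host."""
    with open(path) as f:
        return parse_arp(f.read())
```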