HTTP IP spoofing detection
ik
idokan at gmail.com
Wed Mar 14 14:02:09 IST 2012
On Wed, Mar 14, 2012 at 13:30, shimi <linux-il at shimi.net> wrote:
>
> On Wed, Mar 14, 2012 at 1:23 PM, ik <idokan at gmail.com> wrote:
>>
>> Hello,
>>
>> I'm trying to detect a layer 7 based HTTP request, and see if it
>> contain headers that provided as spoofed IP address.
>> Is there a way to detect what is the Ethernet that the request arrived
>> from at apace level ?
>>
>> If so, how can I provide rules what to do according to an HTTP header
>> fields ?
>>
>
> You could look at the ARP cache by reading /proc/net/arp I guess.
>
> You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed', right?
Yes, but it's not what I need to work upon.
>
> If your LAN is insecure, secure your LAN. Don't run web applications on
> unsecure networks...
My web app require to work also over the internet, and not only LAN
(client request), that's why I'm looking for a way to secure it
further.
>
> -- Shimi
More information about the Linux-il
mailing list