Solved

Authenticate someone by ip, how safe is it?

Posted on 2004-03-25
2
181 Views
Last Modified: 2010-04-11
Hi I have a script on a web server that is accepting xml from certain ip's that I approve. How easy is it for somone to spoof one of my approved ip's and send me unauthorized data? Is there some way that I can check that they are really sending from that ip?
0
Comment
Question by:jimkat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
bloemkool1980 earned 500 total points
ID: 10685790
if it is only sending and the spoofed IP does not need a response it is pretty easy to do it.
I would rather put authentication before you allow them to send. And no you cannot verify if it is spoofed or not unless it is not going over the internet you could check the mac address.
So unless he needs to click on something as a confirmation before sending it is not safe at all. I would rather suggest putting in authentication in combination with the IP address.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 10686063
as bloemkool1980 indicated, one can easily spoof an IP address BUT it's a one way street, they can send you packets but never get an answer. TCP/IP requires a three-way handshake to establish a connection, you can't just send a steam of packets as with UDP.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question