dorianit
asked on
Spoofed IP in HTML POST attack
Is it possible for a person to spoof the IP in a DOS Post attack? I'm getting the following reports from a person reporting that my IP is attacking their server.
xx.xxx.xxx.xx [15/Jul/2013:07:02:16 -0700] POST somewebsite.net/~internet/ in=
dex.php HTTP/1.1
xx.xxx.xxx.xx [15/Jul/2013:07:02:16 -0700] POST somewebsite.net/~internet/
dex.php HTTP/1.1
It is possible but it would not be easy under most circumstances because they would have to intercept any network responses to your IP address. Have you looked at the file to see what is there? Or did they give you the 'referrer' for that request?
Just plan B, have you checked if you computer is not really attacking their server via malware?
It could be the case that you caught some stuff so your computer is now part of a bot-network.
you can check with tcpview from Microsoft (assuming you are running windows)
Tcpview, that you have to download will tell you in one frame all your outgoing connections. http://technet.microsoft.com/sysinternals/bb897437.aspx
A participant of a botnet should usually have some connections open even though you are not using the internet.
It could be the case that you caught some stuff so your computer is now part of a bot-network.
you can check with tcpview from Microsoft (assuming you are running windows)
Tcpview, that you have to download will tell you in one frame all your outgoing connections. http://technet.microsoft.com/sysinternals/bb897437.aspx
A participant of a botnet should usually have some connections open even though you are not using the internet.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Thank you for the information.
ASKER