dorianit

asked on

Spoofed IP in HTML POST attack

Is it possible for a person to spoof the IP in a DOS Post attack?  I'm getting the following reports from a person reporting that my IP is attacking their server.

xx.xxx.xxx.xx   [15/Jul/2013:07:02:16 -0700]    POST somewebsite.net/~internet/index.php HTTP/1.1
dorianit

ASKER

To clarify, I should have asked "Is it possible for the source IP to be spoofed?"  Thank you.
Dave Baldwin
It is possible but it would not be easy under most circumstances because they would have to intercept any network responses to your IP address.  Have you looked at the file to see what is there?  Or did they give you the 'referrer' for that request?
Just plan B, have you checked if your computer is not really attacking their server via malware?

It could be the case that you caught some stuff so your computer is now part of a bot-network.

You can check with tcpview from Microsoft (assuming you are running Windows).
Tcpview, which you have to download, will tell you in one frame all your outgoing connections. http://technet.microsoft.com/sysinternals/bb897437.aspx

A participant of a botnet should usually have some connections open even though you are not using the internet.
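
The outgoing-connection check suggested above can also be scripted. This is an added example, not part of the original answer: it parses Windows `netstat -ano` output and counts TCP connections to the reporting server on web ports, grouped by owning PID. The sample output, the address 198.51.100.7 and the function name are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -ano` output; all addresses are
# documentation ranges, not values from the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:49210       198.51.100.7:80        ESTABLISHED     4312
  TCP    192.0.2.10:49211       198.51.100.7:80        ESTABLISHED     4312
  TCP    192.0.2.10:49215       203.0.113.5:443        ESTABLISHED     2096
  TCP    192.0.2.10:49220       198.51.100.7:80        TIME_WAIT       0
  TCP    [::1]:49300            [::1]:5357             ESTABLISHED     1200
  UDP    0.0.0.0:5355           *:*                                    1320
"""

# Proto, local addr:port, foreign addr:port, state, PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")
WEB_PORTS = {80, 443}
OPEN_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT"}


def web_connections_to(netstat_text, server_ip, ports=WEB_PORTS):
    """Count this host's TCP connections to server_ip on the given ports.

    Returns (open_by_pid, recently_closed): open connections grouped by owning
    PID, and the number of TIME_WAIT rows (Windows lists those under PID 0).
    """
    open_by_pid = Counter()
    recently_closed = 0
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _, _, remote_ip, remote_port, state, pid = m.groups()
        if remote_ip.strip("[]") != server_ip or int(remote_port) not in ports:
            continue
        if state in OPEN_STATES:
            open_by_pid[int(pid)] += 1
        elif state == "TIME_WAIT":
            recently_closed += 1
    return dict(open_by_pid), recently_closed


if __name__ == "__main__":
    # On a live Windows host, feed in the output of `netstat -ano` instead.
    open_by_pid, closed = web_connections_to(SAMPLE_NETSTAT, "198.51.100.7")
    for pid, count in sorted(open_by_pid.items()):
        print(f"PID {pid}: {count} open connection(s) to the reporting server")
    print(f"{closed} recently closed (TIME_WAIT)")
```

A non-empty result while no browser is open means the requests really do originate from this machine; the PID can then be matched to a process in Task Manager or tcpview.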
ASKER CERTIFIED SOLUTION
btan

Thank you for the information.