Posted by Marek Kilimajer on 02/24/05 12:33

Lester Caine wrote:
> Sed wrote:
>
>> Is it possible for hackers to give a fake IP address when visiting a
>> website
>> running PHP?
>>
>> I want to allow certain IP addresses have access to a website (other IP
>> addresses not), is it possible for someone (e.g. hacker) to give fake IP
>> address? If so, how is the website returned to this someone?
>>
>> If you have any reference or links on this, please send me!
>
>
> If you know the addresses you want to allow access, then it will be
> reasonably safe, since the hacker would have to have the same list, and
> if they have inside information, they are probably already hacking you
> by some other route. Almost anything can be faked if they want to, but
> they have to know WHAT to fake ;)

I would not rely on IP addresses being secret. There are ways to find
out IP addresses that belong to an organization, and try the whole
range. For example just by receiving an email. And second, most attacks
come from insiders, they have the info and far greater possibilities.

[Back to original message]