How much effort does it take to spoof an Ip Address in a call to a webservice?
Posted
by Rory Becker
on Stack Overflow
See other posts from Stack Overflow
or by Rory Becker
Published on 2008-10-22T15:32:47Z
Indexed on
2010/04/26
22:33 UTC
Read the original article
Hit count: 206
I don't want to know how... Just how complicated....
I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure?
Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer?
Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed.
Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?
© Stack Overflow or respective owner