How much effort does it take to spoof an Ip Address in a call to a webservice?

Posted by Rory Becker on Stack Overflow See other posts from Stack Overflow or by Rory Becker
Published on 2008-10-22T15:32:47Z Indexed on 2010/04/26 22:33 UTC
Read the original article Hit count: 204

I don't want to know how... Just how complicated....

I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure?

Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer?

Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed.

Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

© Stack Overflow or respective owner

Related posts about spoof

Related posts about security