[ale] TCP, Apache, & security

Randy Janinda randy.janinda at ndcorp.com
Thu Jul 13 14:27:46 EDT 2000


Caution: I may be off my rocker.

During a learning session here I theorized that someone could change
their IP address in the middle of an HTTP session and still be able to
execute the GET/POST/etc. on the webserver. I need some clarification
from those who know:

It takes only 3 packets to 'hit' a webserver:

1) Client sends SYN /w SEQ #
2) Server responds with ACK/ SEQ #
3) Client sends ACK /w data (GET / HTTP/1.0.........)

What happens if the client sends back a different source IP address in packet
#3? Will the packet still get handed to the webserver for processing
or will the OS see the change, think the flags (ACK, no SYN) are
invalid and drop the packet? Remember, only the source IP was changed,
not the source port, or anything else.

Just wondering and learning,

Randy
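
Added illustration, not part of Randy's message: a simplified Python model of how a TCP stack following RFC 793 matches incoming segments to connections by the full (source IP, source port, destination IP, destination port) tuple, run over the three-packet exchange from the question. The addresses (documentation ranges), port 40000, the sequence numbers and the `Stack`/`Segment` names are constructed for the example.

```python
# Toy model of RFC 793 segment demultiplexing (simplified; constructed sample values).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset
    seq: int = 0
    ack: int = 0
    data: bytes = b""

class Stack:
    def __init__(self, listen_ip, listen_port, isn=5000):
        self.listener = (listen_ip, listen_port)
        self.isn = isn        # server ISN, fixed for the demo
        self.conns = {}       # (src_ip, src_port, dst_ip, dst_port) -> state
        self.delivered = []   # payloads handed to the web server

    def receive(self, s):
        key = (s.src_ip, s.src_port, s.dst_ip, s.dst_port)
        conn = self.conns.get(key)
        if conn is None:      # no connection for this exact 4-tuple
            # RFC 793: closed port, or any ACK arriving in LISTEN, gets a reset
            if (s.dst_ip, s.dst_port) != self.listener or "ACK" in s.flags:
                return "RST"
            if "SYN" in s.flags:
                self.conns[key] = {"rcv_nxt": s.seq + 1, "snd_nxt": self.isn + 1}
                return "SYN/ACK"
            return "DROP"
        if "ACK" not in s.flags or (s.seq, s.ack) != (conn["rcv_nxt"], conn["snd_nxt"]):
            return "REJECT"   # simplified: real stacks send RST or a bare ACK here
        if s.data:
            conn["rcv_nxt"] += len(s.data)
            self.delivered.append(s.data)
        return "ACCEPT"

def demo():
    srv = Stack("192.0.2.10", 80)
    syn = Segment("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"SYN"}), seq=1000)
    r_syn = srv.receive(syn)
    moved = Segment("203.0.113.9", 40000, "192.0.2.10", 80, frozenset({"ACK"}),
                    seq=1001, ack=5001, data=b"GET / HTTP/1.0\r\n\r\n")
    r_moved = srv.receive(moved)            # same port and numbers, new source IP
    seen_by_server = len(srv.delivered)
    r_same = srv.receive(replace(moved, src_ip="198.51.100.7"))
    return r_syn, r_moved, seen_by_server, r_same, srv.delivered
```

In this model the segment with the changed source IP matches no existing connection, reaches the listening socket as a bare ACK and is reset, so the GET is never handed to the web server; the same segment from the original address is accepted.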