WebApp Sec mailing list archives
RE: Tying a session to an IP address
From: Tom Arseneault <TArseneault () counterpane com>
Date: Mon, 10 May 2004 11:39:46 -0700
It's trivial on UDP but much harder on TCP, though still not imposible. And with UDP or TCP if you spoof the origin address you will never see the return packets. It does aid security, but as other users point out, in todays enviorment of DHCP changing addresses daily, it's unworkable. -----Original Message----- ...
I'd say it doesn't do diddly squat to add to security, since it's trivial to spoof ones address.
Current thread:
- RE: Tying a session to an IP address, (continued)
- RE: Tying a session to an IP address Mike Randall (May 10)
- RE: Tying a session to an IP address Imperva Application Defense Center (May 10)
- Re: Tying a session to an IP address T.J. (May 10)
- Re: Tying a session to an IP address Adam Tuliper (May 10)
- RE: Tying a session to an IP address Steve McCullough (May 11)
- RE: Tying a session to an IP address Wolf, Yonah (May 10)
- RE: Tying a session to an IP address Scovetta, Michael V (May 10)
- Re: Tying a session to an IP address exon (May 10)
- Re: Tying a session to an IP address Mark Foster (May 10)
- Re: Tying a session to an IP address exon (May 10)
- RE: Tying a session to an IP address Tom Arseneault (May 10)
- RE: Tying a session to an IP address Toni Heinonen (May 10)
- Re: Tying a session to an IP address exon (May 10)
- RE: Tying a session to an IP address Tom Martin (May 11)