duandongjin5647 2017-08-24 09:12
浏览 500

在Intranet中伪造$ _SERVER ['REMOTE_ADDR']?

I've looked around for an answer to this question, but the answers are always situational - so here's mine:

If a hacker is on a limited, local network, can they fake the IP in $_SERVER[‘REMOTE_ADDR’]? (and out of curiosity - how?)

I understand that when it comes to the internet, any variable such as this can be wrangled into whatever you want. But in a local, wired network that may not even be connected to the internet at all, can they fake this address? I'm assuming that Mr.MissionImpossible is crawling along the ceiling with a notebook and Ethernet cable into one of the switches. The response in this scenario won't matter - but running the PHP script should only be limited from certain location(s).

Thanks in advance!

  • 写回答

1条回答 默认 最新

  • dongsha7215 2017-08-24 09:15
    关注

    I don't know for definite if this can be faked in general, I would guess it probably can if you know what you're doing. But an intranet is a TCP/IP network with, in the case of a website, a HTTP layer over the top. The environment is essentially the same.

    So if it can be done on the public internet, it can be done on your internal network too.

    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度