Sign in to follow this  
Followers 0
GeeVee

Packet Crafting ... Is This Possible?

2 posts in this topic

I've found a website were anonymous votes can be cast. The votes are cast via a simple GET request:

/cast_vote.php?t={TIMESTAMP HERE}

There is a response, but it's a blank response. It's one vote per IP address. Only IP's from within the UK can vote, other votes are ignored.

So, I thought about packet crafting. If I was to use a tool such as scapy, would it be possible to alter the source address to a random IP within a UK IP class (such as a mobile network provider, or ISP) and send multiple GET requests?

I understand I wouldn't get a response, the response is not important. But I have a couple of questions ...

1. By altering the source addresses from my computer, would it go through my router, and ISP, with the same source address and reach the destination?

2. Would the response get sent to the IP addresses I've effectively spoofed? And if not, would this effect the voting if the server can't send a response?

Thanks for any advice in advanced.

0

Share this post


Link to post
Share on other sites

I've found a website were anonymous votes can be cast. The votes are cast via a simple GET request:

/cast_vote.php?t={TIMESTAMP HERE}

There is a response, but it's a blank response. It's one vote per IP address. Only IP's from within the UK can vote, other votes are ignored.

So, I thought about packet crafting. If I was to use a tool such as scapy, would it be possible to alter the source address to a random IP within a UK IP class (such as a mobile network provider, or ISP) and send multiple GET requests?

I understand I wouldn't get a response, the response is not important. But I have a couple of questions ...

1. By altering the source addresses from my computer, would it go through my router, and ISP, with the same source address and reach the destination?

2. Would the response get sent to the IP addresses I've effectively spoofed? And if not, would this effect the voting if the server can't send a response?

Thanks for any advice in advanced.

Many of your questions shall be answered here:

http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0