[nycphp-talk] NEW PHundamentals Question
jon baer
jonbaer at jonbaer.net
Tue Feb 10 03:00:38 EST 2004
> 4. IP address. See 3.
>
> Also, I saw a comment about IP address checking and how it helps to
excellent points ... on a small note a group of us actually 'bombed' a
database example once on a friend who asked me to review some of his work,
the tool of choice was nemesis by jeff nathan
(http://nemesis.sourceforge.net/), he had designed a simple php web tool
relying on IP addresses, the point I tried to make w/ tools like
winpcap/nemesis was the fact that you could forge the request all the way
down to the MAC level so he was looking @ 100,000+ entries seeming to come
from a single IP w/ different MACs filled w/ junk ... a point being that you
dont really need a response in order to do damage ... (granted we knew the
IP) ... was just to show that the IP is not the win all solution either.
- jon
More information about the talk
mailing list