Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can someone spoof an IP address to any number? [closed]

Tags:

php

ip-address

You can't really spoof an IP effectively because if you do, http responses will go to that IP rather than yours. As such, it'd probably not be the best use of your time. (They can be fake, but they can't receive the intended data.)

By "receive the intended data", I mean that if someone at 127.0.9.63 tries to send a login request to Google, and spoofs their IP to be 123.53.53.234, then Google will send the response to 123.53.53.234, not 127.0.9.63. That means that the would-be hacker at 127.0.9.63 never actually receives any data pertaining to your account.

This is a risk (but probably not to you) - it's a well established way of conducting DDoS (Distributed Denial of Service) attacks. Have a look at this article if you're curious.


The first thing to know is that if someone knows your IP and tries to spoof it, they cannot receive any responses since the response would be sent to your IP. So logging into a website with a spoofed IP is generally not possible.

Also worth knowing is that any ISPs now are able to prevent IP spoofing by filtering out requests originating from their network which come from IP addresses not part of their network.

The spoofer project has a lot of useful information on the subject, including ISPs from which you can and cannot spoof.


IP security is not safe at all. It is super easy for anyone to find your IP and then spoof it to be you. Checking that a person is the right person based on IP is not a strong form of security, but it does help a little. I would suggest using a cookie on the client machine in question such that a unique key is stored on that machine that would have to match one stored in the DB of your server. That would be much safer.