-1

I've looked around for an answer to this question, but the answers are always situational - so here's mine:

If a hacker is on a limited, local network, can they fake the IP in $_SERVER[‘REMOTE_ADDR’]? (and out of curiosity - how?)

I understand that when it comes to the internet, any variable such as this can be wrangled into whatever you want. But in a local, wired network that may not even be connected to the internet at all, can they fake this address? I'm assuming that Mr.MissionImpossible is crawling along the ceiling with a notebook and Ethernet cable into one of the switches. The response in this scenario won't matter - but running the PHP script should only be limited from certain location(s).

Thanks in advance!

IamPancakeMan
  • 199
  • 1
  • 10
  • 1
    `$_SERVER[‘REMOTE_ADDR’]` is populated with IP used to access apache server on TCP connection. If they managed to fake this on router, they can fake it. – unalignedmemoryaccess Aug 24 '17 at 09:13
  • So they would have to tell the router "this is my ip" and then connect to the webserver? What if the ip is already being used on the router? – IamPancakeMan Aug 24 '17 at 09:17
  • Wanna start with this maybe: https://en.wikipedia.org/wiki/IP_address_spoofing – CBroe Aug 24 '17 at 09:18
  • Thanks CBroe, I get how this spoofing works now! :) So it would be possible to be at IP A, send to IP B, while pretending to be IP C. ok. – IamPancakeMan Aug 24 '17 at 11:29

1 Answers1

0

I don't know for definite if this can be faked in general, I would guess it probably can if you know what you're doing. But an intranet is a TCP/IP network with, in the case of a website, a HTTP layer over the top. The environment is essentially the same.

So if it can be done on the public internet, it can be done on your internal network too.

ADyson
  • 57,178
  • 14
  • 51
  • 63