- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 17 Jun 2009 11:06:41 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Tyler Close <tyler.close@gmail.com>, Mark Nottingham <mnot@mnot.net>, public-webapps <public-webapps@w3.org>
Re-sending from the right address. Adam 2009/6/17 Adam Barth <adam@adambarth.com>: > 2009/6/17 Anne van Kesteren <annevk@opera.com>: >> On Wed, 17 Jun 2009 16:35:13 +0200, Tyler Close <tyler.close@gmail.com> wrote: >>> Isn't it already possible to forge the IP address >>> on a HTTP request to a web site, especially if you don't need to get >>> the answer? >> >> I don't know. > > I'd classify this as moderately difficult. It's not something I can do for $5, but given a few hundred dollars, I can probably do it. Recall that sending an HTTP request requires a full TCP handshake, so its not as easy as SYN flooding. > > Adam >
Received on Wednesday, 17 June 2009 18:07:17 UTC