Page 1 of 1

IP Spoofing using Browser ?

Posted: Fri May 20, 2005 6:52 am
by anjanesh
$_SERVER['REMOTE_ADDR'] returns the IP address from which the request is coming from. Is this being sent by the browser ? So if somone recompiles Mozilla from source he can have it send a wrong IP all the time. Is this possible ?

Thanks

Posted: Fri May 20, 2005 6:57 am
by shiznatix
or the user can just use a proxy server all the time. there is no way to be completly certain of a users ip address...i think.

Posted: Fri May 20, 2005 7:00 am
by anjanesh
Ok. But I would like to know is if the IP is coming from the browser's data being set across or from the ISP ? Because the browser info has to pass through the ISP and I thought maybe the ISP can send along the right IP it came from ? Do ISPs send that or is it purely from the users' part ?

Thanks

Posted: Fri May 20, 2005 7:45 am
by Weirdan
It's being determined by your own server (which can be fooled using any anonymous proxy).

Posted: Fri May 20, 2005 9:58 am
by Roja
anjanesh wrote:Ok. But I would like to know is if the IP is coming from the browser's data being set across or from the ISP ? Because the browser info has to pass through the ISP and I thought maybe the ISP can send along the right IP it came from ? Do ISPs send that or is it purely from the users' part ?

Thanks
All of the above.

If the user connects directly to your site, and uses IE, and makes no changes, it will be his/her IP.

However..

If the user uses Opera or Mozilla, its trivial with extensions to change that manually.

If the user connects to an anonymizer/proxy, it will be the address of the proxy. Or might be blank. Or might be spoofed.

If the user connects from AOL, it can report as the ip of the individual, the ip of the closest proxy, or even unrelated proxy IP's.

--

In short, there is *no* reliable way of detecting a user's ip, and the user's ip can often change during a single session.