有人可以将IP地址欺骗为任何数字吗? [英] Can someone spoof an IP address to any number?

问题描述

一个IP地址可帮助Facebook和Google确定尝试访问您帐户的人是否实际上是您.我已经看到代理能够欺骗" IP地址，但这不会将其更改为正确的IP地址以访问该帐户.如果有人知道我的IP地址和密码到我的一个帐户，有人可以通过欺骗其IP地址来匹配我的IP地址吗?这样的IP地址安全真的很安全，将其合并到我的php脚本中会很好吗?

An IP address helps Facebook and Google to determine whether someone trying to access your account is in fact you. I've seen proxies able to "spoof" the IP address, but that wouldn't change it to the correct one for access to that account. If someone knew my IP address and password to one of my accounts, would it be possible for someone to spoof their IP address to match mine? Is IP address security like this really safe and would it be good to incorporate it into my php scripts?

推荐答案

您不能真正有效地欺骗IP，因为如果这样做，http响应将针对该IP，而不是您的IP.因此，这可能不是您最好的时间利用方式. (它们可能是伪造的，但无法接收预期的数据.)

You can't really spoof an IP effectively because if you do, http responses will go to that IP rather than yours. As such, it'd probably not be the best use of your time. (They can be fake, but they can't receive the intended data.)

通过接收预期数据"，我的意思是，如果某人在127.0.9.63尝试向Google发送登录请求，并且将其IP欺骗为123.53.53.234，则Google会将响应发送至123.53.53.234，不是127.0.9.63.这意味着潜在的127.0.9.63黑客实际上从未收到过任何与您帐户有关的数据.

By "receive the intended data", I mean that if someone at 127.0.9.63 tries to send a login request to Google, and spoofs their IP to be 123.53.53.234, then Google will send the response to 123.53.53.234, not 127.0.9.63. That means that the would-be hacker at 127.0.9.63 never actually receives any data pertaining to your account.

这是一种风险(但可能对您而言不大)-这是进行DDoS(分布式拒绝服务)攻击的一种行之有效的方法.看看本文如果您好奇的话.

This is a risk (but probably not to you) - it's a well established way of conducting DDoS (Distributed Denial of Service) attacks. Have a look at this article if you're curious.

这篇关于有人可以将IP地址欺骗为任何数字吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！