On Wed, Mar 14, 2012 at 1:23 PM, ik <ido...@gmail.com> wrote: > Hello, > > I'm trying to detect a layer 7 based HTTP request, and see if it > contain headers that provided as spoofed IP address. > Is there a way to detect what is the Ethernet that the request arrived > from at apace level ? > > If so, how can I provide rules what to do according to an HTTP header > fields ? > > You could look at the ARP cache by reading /proc/net/arp I guess.
You ARE aware that Ethernet MACs, just like IPs, can be 'spoofed', right? If your LAN is insecure, secure your LAN. Don't run web applications on unsecure networks... -- Shimi
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il