2

For example, if I sign on to a bank website, and the bank gave me a cookie as an auth token.

Now instead of logging off, I simply close the web browser tab.

So now, if a hacker can somehow get my auth token, can he or she then fake that it is me by also faking the IP?

(I suppose the bank will restrict access to the IP I used with that auth token... but then isn't it true that even if the hacker cannot fake an IP address, he or she might be able to emit requests from my Mac or PC and therefore really emit the requests from my IP?)

nonopolarity
  • 141
  • 1
  • 3
  • 3
    You can't generally restrict an auth token to a single IP address, as users may legitimately change IP address during a session. For example they may switch wifi networks, switch between wifi and cellular data, or connect via a multi-homed proxy gateway. – Mike Scott Jun 10 '17 at 08:52
  • 2
    I think you are confusing what banks use to log, with what they use to authenticate. The only thing that will raise a red flag according to IP is if you live in say America, but then suddenly you want to make a 2000 dollar withdrawal from Morocco. Otherwise the bank is largely unconcerned with your ip. If they can steal your session however, that's another story, but in general banks don't have the kind of fort knox infrastructure we like to believe they do. Its mostly the same technologies everyone else is using. – Nalaurien Jun 10 '17 at 08:54
  • 1
    Hackers can fake an IP, but they won't get any responses from the server, so this technique is very limited. – schroeder Jun 10 '17 at 17:42
  • maybe helpful https://superuser.com/questions/619477/how-do-i-spoof-the-ip-that-my-computer-sends-a-server-without-using-something-li –  Jun 11 '17 at 04:51

1 Answers1

1

An attack from a remote location to fake your IP address, as opposed to just using your IP address, is very difficult to pull off as it requires changing the Internet network routing tables. Otherwise, the network packets would go back to your machine, rather than to the attacker's.

An attack from the same area might work if your Internet IP address is a dynamic one, as most home broadband ones are. They may be able to bump you off your IP address if they're using the same ISP in the same area by timing a renewal of their IP address just as your DHCP lease expires, before your router manages to re-acquire it, but it isn't easy to do. It would probably be easier to hack into your network to do it, or indeed, to take over your machine.

Pak
  • 341
  • 1
  • 5