Fredrik

Reputation: 11

Best way to do 'loose' IP check for protection against session hijacking

What is the best way to do a 'loose' IP check for protection against session hijacking, which works both for IPv4 and IPv6? I have an array which saves all users' IP addresses and how many times the user has connected from that address:

$arr = array(ip_address => connected_times, ...);

Now I want to do a loose IP check and compare it against $_SERVER['REMOTE_ADDR']. If the user has only connected from 1 address, it should assume the session id has been hijacked. At the same time, if the user changes IP address regularly from 82.34.24.* to 82.34.24.*, it should assume everything is normal, but if the user suddenly connects from 82.34.33.0 or some address which doesn't belong to the same IP group address or has never been used before (for example in the last 20 requests), it should assume session hijacking.

What is the best way to implement this? Use inet_pton/inet_ntop, but how then?

Upvotes: 1

Views: 288

Answers (1)

Marc B

Reputation: 360762

You could compare netmasks. It'd go something like this:

$new_ip = '82.34.24.128';
$old_ip = '82.34.25.1';

// inet_pton() returns the address as a packed binary string (4 bytes for IPv4).
$old = inet_pton($old_ip);
$new = inet_pton($new_ip);

// Pack the /24 netmask the same way; "&" on two strings ANDs them byte by byte.
$mask = pack('N', 0xFFFFFF00);

if (($new & $mask) == ($old & $mask)) {
   // ... identical /24
} else {
   // ... hijacked?
}

Of course, this assumes that whatever network the user is coming from is a /24 (old-style class C) subnet. This'd fail if it's a larger network, like someone at IBM, which has a /8 (old-style class A), in which case you'd need a netmask of 0xFF000000.

Upvotes: 1
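The answer shows the /24 comparison for a single IPv4 pair. The block below is an added example (not code from the question or the answer) that carries the same idea through for both address families and for the question's `ip_address => connected_times` array: it masks the packed address from `inet_pton()` with a prefix-length mask instead of a hard-coded 32-bit constant, so IPv4 is compared on a /24 and IPv6 on a /64. The prefix lengths, the function names `prefix_mask`, `network_prefix` and `same_network`, and the sample addresses are all assumptions made for the example.

```php
<?php
// Added example, not the original poster's or answerer's code.
// Assumed prefix lengths: /24 for IPv4 (as in the answer), /64 for IPv6.
const IPV4_PREFIX = 24;
const IPV6_PREFIX = 64;

// Build a packed netmask of $bits leading one-bits for an address of $bytes bytes,
// e.g. prefix_mask(4, 24) === "\xFF\xFF\xFF\x00".
function prefix_mask(int $bytes, int $bits): string
{
    $mask = '';
    for ($i = 0; $i < $bytes; $i++) {
        $take = max(0, min(8, $bits - $i * 8));   // one-bits in this byte
        $mask .= chr((0xFF << (8 - $take)) & 0xFF);
    }
    return $mask;
}

// Network prefix of $ip as a packed string, or null if $ip is not a valid address.
// inet_pton() yields 4 bytes for IPv4 and 16 for IPv6, so the length picks the family.
function network_prefix(string $ip): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;
    }
    $bits = strlen($packed) === 4 ? IPV4_PREFIX : IPV6_PREFIX;
    return $packed & prefix_mask(strlen($packed), $bits);   // byte-wise AND
}

// True when $remote shares its prefix with at least one address the session has
// already been seen from. $seen uses the question's shape: ip => connected_times.
function same_network(array $seen, string $remote): bool
{
    $prefix = network_prefix($remote);
    if ($prefix === null) {
        return false;   // unparseable REMOTE_ADDR: treat as not matching
    }
    foreach ($seen as $ip => $count) {
        $seenPrefix = network_prefix((string) $ip);
        // Prefix strings differ in length across families, so v4 never matches v6.
        if ($seenPrefix !== null && $seenPrefix === $prefix) {
            return true;
        }
    }
    return false;
}

// Constructed sample data in the question's array shape.
$seen = [
    '82.34.24.5'       => 17,
    '82.34.24.200'     => 3,
    '2001:db8:1:2::10' => 2,
];

// Typical use: $remote = $_SERVER['REMOTE_ADDR'];
foreach (['82.34.24.77', '82.34.33.0', '2001:db8:1:2::ff', '2001:db8:9::1'] as $remote) {
    printf("%-20s %s\n", $remote, same_network($seen, $remote) ? 'same prefix' : 'new prefix');
}
```

The question's other rules (require a match only after the session has seen more than one address, or only consider the last 20 requests) can sit on top of `same_network()` by trimming `$seen` before the call. Comparing packed strings rather than `ip2long()` integers also avoids the signed 32-bit overflow that makes `ip2long()` unreliable for the upper half of the IPv4 space on 32-bit PHP builds. Two limitations are worth keeping in mind when deciding how much weight to give the check: a user on a mobile or carrier-grade NAT connection can legitimately move outside the prefix, and any other client inside the same /24 or /64 passes it, so it is a heuristic that complements, rather than replaces, regenerating the session id on login and marking the cookie `HttpOnly` and `Secure`.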
