24
Advanced Methods to
Determine
Who is Attacking
Who is Attacking
The HTTP Referer
Format:
Referer:
http://www.my.site/cgi-bin/login.pl?id=12345
Sent
by browser for normal flow requests
Can be used to identify attacks
False positive: Javascript generated links, some
(rare) browsers
False
negative: smart hackers