Security Basics mailing list archives
Re: Trusting localhost?
From: Birl <sbirl () temple edu>
Date: Fri, 25 Jul 2003 11:38:40 -0400 (EDT)
As it was written on Jul 25, thus Craig Minton spake unto the masses: Craig: Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT) Craig: From: Craig Minton <CraigSecurity () blazemail com> Craig: To: security-basics () securityfocus com Craig: Subject: Trusting localhost? Craig: Craig: If you are creating an application that communicates using TCP, but only Craig: want to take requests from the localhost, are there reasons why you Craig: would not want to check that the incoming request is from localhost and Craig: then trust it? This is in a Windows environment. Would IP spoofing Craig: work if the application was checking for the IP address 127.0.0.1? If Craig: so, how likely is it that IP spoofing would work today, in a corporate Craig: environment? Craig: Craig: Thank you for any direction you can provide. 127.xxx.yyy.zzz will only go back to itself, never leaving the network (let alone touch it). To spoof it would be pointless. Thanks Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Trusting localhost? Craig Minton (Jul 25)
- Re: Trusting localhost? Birl (Jul 28)
- Re: Trusting localhost? Jude Naidoo (Jul 28)
- <Possible follow-ups>
- Re: Trusting localhost? DownBload (Jul 28)
- Re: Trusting localhost? chris (Jul 28)
- RE: Trusting localhost? David Gillett (Jul 28)