Re: Odd packet?

[Steffen Schumacher <ssch () wheel dk>]

On 26.05.2004 11:05:43 +0000, Valentino Squilloni - Ouz wrote:
> On Wed, 26 May 2004, Steffen Schumacher wrote:
>
> []
> > However, as you said, no ISP, which has to follow rules and regulations
> > in the western world allows spoofing of or even routing of the 127/8 net.
>
> Yes, but 127/8 as the source or the destination ?

Well no matter which, a packet with that src or dst should *never' originate from the ISP.
I haven't heard of anyone routing 127/8 or allowing spoofing of 127/8 addresses.
I can only speak for my own company (a middlesized european ISP), and none of our > 1k backbone 
routers route 127/8 or allow incoming packets with src 127/8 unless its in L2/3 VPN.
 
the 127/8 is reserved for loopback interfaces and should NOT be routed or allowed. Any breach of this 
should result in complaints to the ISP in question!.

> Even the OP didn't mentioned this.  I'm proned to believe those packets
> have 127.0.0.1 as the source of the packets.

I'm proned to think that if indeed these packets was seen on the wire, it was his own pc that
generated them.


PS. To Maarten: Sorry for mixing your name in this one Maarten - I apologize!
 
> -- 
> > avendo accesso come root ad un server remoto, come potrei fare a rendere
> > il sistema non utilizzabile ma in modo sottile ?
> Se NT puo' installarsi via FTP, e' la tua risposta.
>                 -- Leonardo Serni
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html