Snort mailing list archives
RE: Loopback traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 26 Apr 2004 10:15:11 -0400
At 05:16 PM 4/23/2004, Chuck Holley wrote:
and we are going to investigate adding something for 127.0.0.1 into our routers access list. Has anyone ever done that?
Yes.. it's part of my standard rules. I block many of the IANA reserved blocks that will obviously never be allocated at my border.
Some simple Cisco IOS ACLs I use (some descriptions lifted from RFC 3330):

!one backdoor uses 255.255.255.255 as source IP. the whole
!240/4 is reserved for limited broadcast, but I'm only
!blocking the single host full broadcast here
access-list 100 deny ip host 255.255.255.255 any log
! 0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
! network. Address 0.0.0.0/32 may be used as a source address for this
! host on this network; other addresses within 0.0.0.0/8 may be used to
! refer to specified hosts on this network [RFC1700, page 4].
access-list 100 deny ip 0.0.0.0 0.255.255.255 any log
! 127.0.0.0/8 - This block is assigned for use as the Internet host
! loopback address.
! This is ordinarily implemented using only 127.0.0.1/32 for loopback,
! but no addresses within this block should ever appear on any network
! anywhere [RFC1700, page 5].
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip any 127.0.0.0 0.255.255.255 log
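The entries above rely on two pieces of IOS ACL behaviour that are easy to get wrong: the wildcard mask is the inverse of a subnet mask (a 1 bit means "don't care", so 127.0.0.0 0.255.255.255 covers all of 127/8, not just 127.0.0.1), and evaluation is first match wins with an implicit "deny ip any any" at the end, so a border ACL that contains only these deny lines drops all traffic. The following is an added example, not code from the post and not Cisco's: a small simulator for the "ip" subset of numbered extended ACL syntax, run over a constructed set of packets to show which ones the posted entries drop. The trailing "permit ip any any", the sample packet list and the 192.0.2.10 inside host are assumptions made for the example.

```python
"""Simulator for Cisco IOS numbered extended ACLs ('access-list N ... ip SRC DST [log]').

Added example, not Cisco code and not from the original post. Assumed IOS
semantics: entries are evaluated top to bottom and the first match wins; an
ACL ends with an implicit 'deny ip any any'; a wildcard mask bit of 1 means
"don't care" (the inverse of a subnet mask), so 0.255.255.255 matches a /8.
"""

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    action: str        # "permit" or "deny"
    src_addr: int      # 32-bit integers; matching is done with bit operations
    src_wild: int
    dst_addr: int
    dst_wild: int
    log: bool
    text: str          # the original config line, kept for reporting


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _parse_spec(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse one address spec at tokens[i]: 'any', 'host A' or 'A WILDCARD'.
    Returns (address, wildcard, index of the next token)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return _ip(tokens[i + 1]), 0, i + 2
    return _ip(tokens[i]), _ip(tokens[i + 1]), i + 2


def parse_acl(config: str) -> List[Entry]:
    """Parse the 'ip' subset of IOS extended ACL syntax; lines starting with '!' are comments."""
    entries: List[Entry] = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line}")
        src_addr, src_wild, i = _parse_spec(t, 4)
        dst_addr, dst_wild, i = _parse_spec(t, i)
        log = i < len(t) and t[i] == "log"
        entries.append(Entry(t[2], src_addr, src_wild, dst_addr, dst_wild, log, line))
    return entries


def _matches(addr: int, wild: int, ip: int) -> bool:
    """Bits where the wildcard is 0 must agree; bits where it is 1 are ignored."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (ip & care)


def evaluate(entries: List[Entry], src: str, dst: str) -> Tuple[str, Optional[Entry]]:
    """First-match lookup for one packet. A None entry means the implicit deny fired."""
    s, d = _ip(src), _ip(dst)
    for e in entries:
        if _matches(e.src_addr, e.src_wild, s) and _matches(e.dst_addr, e.dst_wild, d):
            return e.action, e
    return "deny", None


# The four bogon entries from the post, plus the permit a real border ACL needs
# after them (assumed here; without it the implicit deny drops everything).
BORDER_ACL = """
access-list 100 deny ip host 255.255.255.255 any log
access-list 100 deny ip 0.0.0.0 0.255.255.255 any log
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip any 127.0.0.0 0.255.255.255 log
access-list 100 permit ip any any
"""

# Constructed sample packets (src, dst); 192.0.2.10 stands in for an inside host.
SAMPLE_PACKETS = [
    ("255.255.255.255", "192.0.2.10"),   # limited-broadcast source
    ("0.0.0.0", "192.0.2.10"),           # "this network" source
    ("0.12.34.56", "192.0.2.10"),        # anywhere in 0/8 also matches the wildcard
    ("127.0.0.1", "192.0.2.10"),         # loopback source
    ("127.255.1.2", "192.0.2.10"),       # not 127.0.0.1, but still inside 127/8
    ("192.0.2.10", "127.0.0.1"),         # loopback destination (the fourth entry)
    ("198.51.100.7", "192.0.2.10"),      # ordinary traffic, reaches the permit
]


def dropped(entries: List[Entry], packets) -> List[Tuple[str, str, str]]:
    """Return (src, dst, matching ACL line) for every packet the ACL denies."""
    out = []
    for src, dst in packets:
        action, entry = evaluate(entries, src, dst)
        if action == "deny":
            out.append((src, dst, entry.text if entry else "implicit deny ip any any"))
    return out


if __name__ == "__main__":
    acl = parse_acl(BORDER_ACL)
    for src, dst, rule in dropped(acl, SAMPLE_PACKETS):
        print(f"deny  {src:>16} -> {dst:<12}  by: {rule}")
```

Running it shows six of the seven constructed packets denied, each attributed to the specific line that caught it, and only 198.51.100.7 permitted. Feeding parse_acl the four deny lines alone makes evaluate return ("deny", None) for the ordinary packet as well, which is the implicit-deny pitfall to check for before pasting a fragment like this into a live interface ACL.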
Current thread:
- Loopback traffic Rodrigo B. Ramos (Apr 23)
- RE: Loopback traffic Chuck Holley (Apr 23)
- RE: Loopback traffic Matt Kettler (Apr 26)
- <Possible follow-ups>
- loopback traffic Security Personnel (May 19)
- Re: loopback traffic Matt Kettler (May 19)
- Re: loopback traffic James Riden (May 19)
- Re: loopback traffic Security Personnel (May 19)
- Re: loopback traffic Matt Kettler (May 19)
- RE: loopback traffic Bob Sukovich (May 20)
- RE: Loopback traffic Chuck Holley (Apr 23)