Snort mailing list archives

RE: Loopback traffic


From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 26 Apr 2004 10:15:11 -0400

At 05:16 PM 4/23/2004, Chuck Holley wrote:
> and we are going to investigate
> adding something for 127.0.0.1 into our routers access list.  Has anyone
> ever done that?

Yes.. it's part of my standard rules. I block many of the IANA reserved blocks that will obviously never be allocated at my border.

Some simple Cisco IOS ACLs I use (some descriptions lifted from RFC 3330):


!one backdoor uses 255.255.255.255 as source IP. the whole
!240/4 is reserved for limited broadcast, but I'm only
!blocking the single host full broadcast here
access-list 100 deny   ip host 255.255.255.255 any log

!  0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
!   network.  Address 0.0.0.0/32 may be used as a source address for this
!   host on this network; other addresses within 0.0.0.0/8 may be used to
!   refer to specified hosts on this network [RFC1700, page 4].
access-list 100 deny   ip 0.0.0.0 0.255.255.255 any log

!  127.0.0.0/8 - This block is assigned for use as the Internet host
!   loopback address.
!   This is ordinarily implemented using only 127.0.0.1/32 for loopback,
!   but no addresses within this block should ever appear on any network
!   anywhere [RFC1700, page 5].

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny   ip any 127.0.0.0 0.255.255.255 log
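
An added example, not part of the original post: a small Python evaluator for the four entries quoted above, showing how the wildcard (inverse) masks select addresses and which entry a given packet hits. It assumes the usual IOS extended-ACL semantics (first match wins, implicit deny at the end); the helper names are hypothetical.

```python
import ipaddress

# The four entries from the post, copied verbatim (comment lines omitted).
ACL_TEXT = """\
access-list 100 deny   ip host 255.255.255.255 any log
access-list 100 deny   ip 0.0.0.0 0.255.255.255 any log
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny   ip any 127.0.0.0 0.255.255.255 log
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume one address spec; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF               # every bit is "don't care"
    if first == "host":
        return _to_int(tokens.pop(0)), 0   # every bit must match
    return _to_int(first), _to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N action ip SRC DST [log]' lines into tuples."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue                       # skip blanks and '!' comments
        action, proto = tokens[2], tokens[3]
        if proto != "ip":
            raise ValueError("only 'ip' entries are handled here")
        rest = tokens[4:]
        src = _take_spec(rest)
        dst = _take_spec(rest)
        entries.append((action, src, dst, line.strip()))
    return entries

def _hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF              # wildcard 1-bits are ignored
    return (_to_int(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, s, d, line in entries:
        if _hit(src, s) and _hit(dst, d):
            return action, line
    return "deny", "(implicit deny at end of list)"
```

Evaluated on their own, these four entries leave every other packet to the implicit deny, so a list applied to an interface needs its permit entries after them.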





