Security Basics mailing list archives
Re: Trusting localhost?
From: chris <chris09 () comcast net>
Date: 27 Jul 2003 18:39:12 -0000
In-Reply-To: <20030725144443.BC66B44B6 () sitemail everyone net> Well IP spoofing is still very very effective. But the chances of someone from the internet spoofing a 127.0.0.1 source address in a packet and that packet actually making it to you is HIGHLY unlikely. Any correctly configured router should drop this packet because of its source address. Someone from inside the LAN might be able to exploit it somehow/someway but the chances are extremely low. There should be no real reason to goto great lengths to ensure the validity of the packets as the chances of someone spoofing with this source address and actually exploiting your application are like i said really low. --chris http://elusive.filetap.com
Received: (qmail 20693 invoked from network); 25 Jul 2003 15:27:22 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 25 Jul 2003 15:27:22 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 6559A8F3F5; Fri, 25 Jul 2003 09:28:56 -0600 (MDT)
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Received: (qmail 8748 invoked from network); 25 Jul 2003 14:48:04 -0000
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT)
From: Craig Minton <CraigSecurity () blazemail com>
To: security-basics () securityfocus com
Subject: Trusting localhost?
Reply-To: CraigSecurity () blazemail com
X-Originating-Ip: [204.167.177.68]
Message-Id: <20030725144443.BC66B44B6 () sitemail everyone net>
If you are creating an application that communicates using TCP, but only
want to take requests from the localhost, are there reasons why you
would not want to check that the incoming request is from localhost and
then trust it? This is in a Windows environment. Would IP spoofing
work if the application was checking for the IP address 127.0.0.1? If
so, how likely is it that IP spoofing would work today, in a corporate
environment?
Thank you for any direction you can provide.
_____________________________________________________________
Fight the power! BlazeMail.com
--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Trusting localhost? Craig Minton (Jul 25)
- Re: Trusting localhost? Birl (Jul 28)
- Re: Trusting localhost? Jude Naidoo (Jul 28)
- <Possible follow-ups>
- Re: Trusting localhost? DownBload (Jul 28)
- Re: Trusting localhost? chris (Jul 28)
- RE: Trusting localhost? David Gillett (Jul 28)