Security Basics mailing list archives

Re: security--spoofing 127.0.0.1


From: Luca Falavigna <fala83 () libero it>
Date: Sun, 14 Sep 2003 15:46:58 +0200

It is possible to make an IP spoofing attack, especially with UDP packets
because of their nature (connectionless). An attack can be performed by
starting a UDP server on a local machine listening on a port that
the router/firewall cannot block (i.e. DNS 53) and redirecting the information
included in the data field to a program (usually a shell...).
The solution is to block loopback packets in your firewall.

When you're connected to a network, there will probably be a DHCP server, which assigns IP addresses dynamically in order to avoid two different machines having the same IP. Don't worry about that. Be sure that the IP you got from DHCP is one of your ISP's.



Luca





Mr Babak Memari wrote:
Salaam,

As you know, there are some IPs that are not addressed
directly, for example:

255.255.255.255
127.0.0.1
10/
172.16/31
192.168/
Is there anything else? If yes, please write all of them and their
uses to me.


We also know that we can use IP spoofing.
Is it possible to spoof these IPs above?

I am debating with myself whether it is possible to spoof these IPs
above or not. For example, spoofing 127.0.0.1?
I am asking these questions because I have seen these logs in my
firewall (in WinXP, Win2000 and Win98) several times.

These logs are for "Outpost firewall's attack detection":
9/10/2003 Connection request    217.218.13.150    ICMP(2048)
9/10/2003 My address 127.0.0.1
9/10/2003 Connection request 127.0.0.1 TCP(1834)
9/10/2003 Connection request    217.218.40.152    ICMP(2048)

And sometimes my local host's IP changes to something else, such as
146.0.0.0 etc.

What program (in Windows OS) is responsible for 127.0.0.1?
I think it is possible to spoof this IP (127.0.0.1).
Why not?
What is your idea?
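
The advice above to block loopback packets at the firewall, sketched as an added example that is not part of the original thread: it flags log entries whose source address could not legitimately arrive from outside. The log layout, the function names and the sample lines are assumptions constructed for illustration, the entries are assumed to have been recorded on an Internet-facing interface, and the prefixes are the standard loopback, RFC 1918 and limited-broadcast ranges.

```python
import ipaddress
import re

# Source ranges that must never appear on an Internet-facing interface.
MARTIAN_SOURCES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("this-network", ipaddress.ip_network("0.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("limited broadcast", ipaddress.ip_network("255.255.255.255/32")),
]
# Assumed layout: date, event name, source IPv4, optional protocol(port).
LOG_LINE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<event>.+?)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\s+(?P<proto>\S+))?\s*$"
)
# Constructed sample lines (not taken from a real firewall).
SAMPLE_LOG = [
    "9/10/2003 Connection request    198.51.100.7    ICMP(2048)",
    "9/10/2003 My address 127.0.0.1",
    "9/10/2003 Connection request 127.0.0.1 TCP(1834)",
    "9/10/2003 Connection request 192.168.1.20 TCP(445)",
    "9/10/2003 Connection request 999.1.1.1 TCP(80)",
]

def classify_source(addr, interface="external"):
    """Return why a packet with this source should be dropped, or None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    for reason, net in MARTIAN_SOURCES:
        # 127/8 is legitimate only on the loopback interface itself.
        if reason == "loopback" and interface == "lo":
            continue
        if ip in net:
            return reason
    return None

def flag_spoofed(lines, interface="external"):
    """Return (source, event, reason) for every entry that should be dropped."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m is None:
            continue  # not a log entry in the assumed layout
        try:
            reason = classify_source(m["src"], interface)
        except ValueError:
            reason = "malformed address"
        if reason:
            findings.append((m["src"], m["event"], reason))
    return findings

if __name__ == "__main__":
    for src, event, reason in flag_spoofed(SAMPLE_LOG):
        print(f"DROP {src:<15} {event:<20} {reason}")
```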





