Full Disclosure mailing list archives

Re: Odd packet?


From: Maarten <fulldisc () ultratux org>
Date: Tue, 25 May 2004 23:57:33 +0200

On Tuesday 25 May 2004 22:35, Steffen Schumacher wrote:
> On 25.05.2004 21:55:19 +0000, Maarten wrote:
> > On Tuesday 25 May 2004 15:57, Gregh wrote:
> > > Getting quite a few 127.0.0.1 on differing ports lately and I know it
> > > isn't originating FROM this machine. Haven't sniffed any packets but
> > > they come up in logs.
> >
> > Not saying what you see must be wrong but, if your routing / packetfilter
> > / kernelsettings were properly configured you would not ever get these
> > packets as they would be dropped before they would reach your machine.
> > If not your ISP, then you (indeed everyone) should always drop packets
> > coming from interfaces they _cannot_ originate from.  Antispoofing,
> > that's called. Especially 127.x.x.x is not routed by any ISP which is
> > worth their name.
>
> Logs may still detect packets constructed with a 127/8 address.
> However, as you said, no ISP, which has to follow rules and regulations in
> the western world allows spoofing of or even routing of the 127/8 net.
>
> So Maarten, if you want to write again, please have packetdumps proving your
> case.

Hum...  Aren't you confusing me with Gregh, the OP ?
And if not, what do you want me to prove ? That 127.0.0.1 is not routed...?

Maarten

> /Steffen

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
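
The antispoofing check discussed in this thread (a 127/8 source address is only legitimate on the loopback interface), applied to firewall logs. This is an added example, not part of any poster's message; it assumes log lines in the Linux netfilter LOG layout, and the hostnames, interfaces and addresses in the sample are constructed.

```python
import ipaddress
import re

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
# KEY=value pairs as written by the netfilter LOG target.
FIELD_RE = re.compile(r"\b(IN|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample input, not taken from the thread.
SAMPLE_LOG = """\
May 25 15:57:01 gw kernel: IN=eth0 OUT= SRC=127.0.0.1 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=80 DPT=1044
May 25 15:57:03 gw kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=40112 DPT=25
May 25 15:57:09 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3345 DPT=445
May 25 15:58:12 gw kernel: IN=ppp0 OUT= SRC=127.44.3.9 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=53 DPT=1027
May 25 15:58:30 gw kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP
"""


def parse_line(line):
    """Return the fields of interest from one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def is_spoofed_loopback(fields, loopback_ifaces=("lo",)):
    """True if a 127/8 source arrived on an interface other than loopback."""
    iface = fields.get("IN", "")
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
    except ValueError:
        return False  # missing or malformed SRC: nothing to judge
    return bool(iface) and iface not in loopback_ifaces and src in LOOPBACK_NET


def find_spoofed(log_text):
    """Collect (interface, source, protocol, dest port) for each spoofed packet."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if is_spoofed_loopback(fields):
            hits.append((fields["IN"], fields["SRC"],
                         fields.get("PROTO"), fields.get("DPT")))
    return hits


if __name__ == "__main__":
    for hit in find_spoofed(SAMPLE_LOG):
        print("loopback source on external interface:", hit)
```
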
