| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: fulldisc at ultratux.org (Maarten) Subject: Odd packet? On Tuesday 25 May 2004 15:57, Gregh wrote: > Getting quite a few 127.0.0.1 on differing ports lately and I know it isn't > originating FROM this machine. Haven't sniffed any packets but they come up > in logs. Not saying what you see must be wrong but, if your routing / packetfilter / kernelsettings were properly configured you would not ever get these packets as they would be dropped before they would reach your machine. If not your ISP, then you (indeed everyone) should always drop packets coming from interfaces they _cannot_ originate from. Antispoofing, that's called. Especially 127.x.x.x is not routed by any ISP which is worth their name. Maybe review your setting of /proc/sys/net/ipv4/conf/eth0/rp_filter ? > Anyone know of anything that spoofs as coming from 127.0.0.1 but comes from > outside and what it may relate to? Only been the last week and nothing > changed here. Thanks for any help. Notwithstanding what I said above, spoofing 127.0.0.1 would not really serve a purpose for an attacker. A full TCP handshake would never occur, and a DoS is likewise impossible (or at least real unlikely). But who knows... Any packet dumps available ? Maarten -- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
Powered by blists - more mailing lists