lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: ouz at people.it (Valentino Squilloni - Ouz)
Subject: Odd packet?

On Tue, 25 May 2004, Maarten wrote:

> > Getting quite a few 127.0.0.1 on differing ports lately and I know it isn't
> > originating FROM this machine. Haven't sniffed any packets but they come up
> > in logs.
>
> Not saying what you see must be wrong but, if your routing / packetfilter /
> kernelsettings were properly configured you would not ever get these packets
> as they would be dropped before they would reach your machine.

That's true.  But maybe the OP dropped those packets (perhaps he does't
know :-);  i think so because he's speaking of logs.

> If not your
> ISP, then you (indeed everyone) should always drop packets coming from
> interfaces they _cannot_ originate from.  Antispoofing, that's called.

Completely agree.

> Especially 127.x.x.x is not routed by any ISP which is worth their name.

But I've seen a lot of times those packet, especially the last year with
blaster and DNS servers which resolved microsoftupdate.com in 127.0.0.1 to
try to stop the DOS generated by blaster.

In that case you saw packets coming to your ppp0, tun0 or whatsoever
coming from 127.0.0.1:80


Ouz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ