lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0405252259420.11606@damun.fork.ouz> From: ouz at people.it (Valentino Squilloni - Ouz) Subject: Odd packet? On Tue, 25 May 2004, Maarten wrote: > > Getting quite a few 127.0.0.1 on differing ports lately and I know it isn't > > originating FROM this machine. Haven't sniffed any packets but they come up > > in logs. > > Not saying what you see must be wrong but, if your routing / packetfilter / > kernelsettings were properly configured you would not ever get these packets > as they would be dropped before they would reach your machine. That's true. But maybe the OP dropped those packets (perhaps he does't know :-); i think so because he's speaking of logs. > If not your > ISP, then you (indeed everyone) should always drop packets coming from > interfaces they _cannot_ originate from. Antispoofing, that's called. Completely agree. > Especially 127.x.x.x is not routed by any ISP which is worth their name. But I've seen a lot of times those packet, especially the last year with blaster and DNS servers which resolved microsoftupdate.com in 127.0.0.1 to try to stop the DOS generated by blaster. In that case you saw packets coming to your ppp0, tun0 or whatsoever coming from 127.0.0.1:80 Ouz
Powered by blists - more mailing lists