lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040526102939.GE598@freesbee.wheel.dk>
From: ssch at wheel.dk (Steffen Schumacher)
Subject: Odd packet?

On 26.05.2004 11:05:43 +0000, Valentino Squilloni - Ouz wrote:
> On Wed, 26 May 2004, Steffen Schumacher wrote:
> 
> []
> > However, as you said, no ISP, which has to follow rules and regulations
> > in the western world allows spoofing of or even routing of the 127/8 net.
> 
> Yes, but 127/8 as the source or the destination ?
>

Well no matter which, a packet with that src or dst should *never' originate from the ISP.
I haven't heard of anyone routing 127/8 or allowing spoofing of 127/8 addresses.
I can only speak for my own company (a middlesized european ISP), and none of our > 1k backbone 
routers route 127/8 or allow incoming packets with src 127/8 unless its in L2/3 VPN.
 
the 127/8 is reserved for loopback interfaces and should NOT be routed or allowed. Any breach of this 
should result in complaints to the ISP in question!.

> Even the OP didn't mentioned this.  I'm proned to believe those packets
> have 127.0.0.1 as the source of the packets.
>

I'm proned to think that if indeed these packets was seen on the wire, it was his own pc that
generated them.


PS. To Maarten: Sorry for mixing your name in this one Maarten - I apologize!
 
> -- 
> >avendo accesso come root ad un server remoto, come potrei fare a rendere
> >il sistema non utilizzabile ma in modo sottile ?
> Se NT puo' installarsi via FTP, e' la tua risposta.
>                 -- Leonardo Serni
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ