[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040526102939.GE598@freesbee.wheel.dk>
From: ssch at wheel.dk (Steffen Schumacher)
Subject: Odd packet?
On 26.05.2004 11:05:43 +0000, Valentino Squilloni - Ouz wrote:
> On Wed, 26 May 2004, Steffen Schumacher wrote:
>
> []
> > However, as you said, no ISP, which has to follow rules and regulations
> > in the western world allows spoofing of or even routing of the 127/8 net.
>
> Yes, but 127/8 as the source or the destination ?
>
Well no matter which, a packet with that src or dst should *never' originate from the ISP.
I haven't heard of anyone routing 127/8 or allowing spoofing of 127/8 addresses.
I can only speak for my own company (a middlesized european ISP), and none of our > 1k backbone
routers route 127/8 or allow incoming packets with src 127/8 unless its in L2/3 VPN.
the 127/8 is reserved for loopback interfaces and should NOT be routed or allowed. Any breach of this
should result in complaints to the ISP in question!.
> Even the OP didn't mentioned this. I'm proned to believe those packets
> have 127.0.0.1 as the source of the packets.
>
I'm proned to think that if indeed these packets was seen on the wire, it was his own pc that
generated them.
PS. To Maarten: Sorry for mixing your name in this one Maarten - I apologize!
> --
> >avendo accesso come root ad un server remoto, come potrei fare a rendere
> >il sistema non utilizzabile ma in modo sottile ?
> Se NT puo' installarsi via FTP, e' la tua risposta.
> -- Leonardo Serni
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists