lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue May  3 07:53:02 2005
From: vtlists at wyae.de (Volker Tanger)
Subject: The best hacker ever !

On Mon, 2 May 2005 12:06:39 -0400 (EDT)
Gregory Boyce <gboyce@...belly.com> wrote:
> On Mon, 2 May 2005, Zuxy Haiduc wrote:
> 
> > While most people know better than attacking 127.0.0.1, it's
> > important to note that in some operating systems (Windows, and a few
> > others, but normally not *nix), anything in 127.* is loopback.
> >
> > Its a lot easier to trick someone into attacking, say,
> > 127.36.120.67, than 127.0.0.1.
> 
> 127.36.120.67 works under Linux as well (tested on Ubuntu, Debian,
> Redhat  and Gentoo with 2.2-2.6 kernels).

OTOH I have seen machines (process/machine crontrol systems) that were
hardwired to 127.0.0.*/24 as ethernet addresses (eth0, not loopback)...

Bye

Volker

-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@...e.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ