Security Basics mailing list archives
Re: Trusting localhost?
From: chris <chris09 () comcast net>
Date: 27 Jul 2003 18:39:12 -0000
In-Reply-To: <20030725144443.BC66B44B6 () sitemail everyone net> Well IP spoofing is still very very effective. But the chances of someone from the internet spoofing a 127.0.0.1 source address in a packet and that packet actually making it to you is HIGHLY unlikely. Any correctly configured router should drop this packet because of its source address. Someone from inside the LAN might be able to exploit it somehow/someway but the chances are extremely low. There should be no real reason to goto great lengths to ensure the validity of the packets as the chances of someone spoofing with this source address and actually exploiting your application are like i said really low. --chris http://elusive.filetap.com
Received: (qmail 20693 invoked from network); 25 Jul 2003 15:27:22 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 25 Jul 2003 15:27:22 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing2.securityfocus.com (Postfix) with QMQP id 6559A8F3F5; Fri, 25 Jul 2003 09:28:56 -0600 (MDT) Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Received: (qmail 8748 invoked from network); 25 Jul 2003 14:48:04 -0000 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Mime-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT) From: Craig Minton <CraigSecurity () blazemail com> To: security-basics () securityfocus com Subject: Trusting localhost? Reply-To: CraigSecurity () blazemail com X-Originating-Ip: [204.167.177.68] Message-Id: <20030725144443.BC66B44B6 () sitemail everyone net> If you are creating an application that communicates using TCP, but only want to take requests from the localhost, are there reasons why you would not want to check that the incoming request is from localhost and then trust it? This is in a Windows environment. Would IP spoofing work if the application was checking for the IP address 127.0.0.1? If so, how likely is it that IP spoofing would work today, in a corporate environment? Thank you for any direction you can provide. _____________________________________________________________ Fight the power! BlazeMail.com --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Trusting localhost? Craig Minton (Jul 25)
- Re: Trusting localhost? Birl (Jul 28)
- Re: Trusting localhost? Jude Naidoo (Jul 28)
- <Possible follow-ups>
- Re: Trusting localhost? DownBload (Jul 28)
- Re: Trusting localhost? chris (Jul 28)
- RE: Trusting localhost? David Gillett (Jul 28)