Security Basics mailing list archives

Re: security--spoofing 127.0.0.1


From: Birl <sbirl () temple edu>
Date: Thu, 11 Sep 2003 12:36:46 -0400 (EDT)

As it was written on Sep 10, thus Mr Babak Memari typed:

Babak:  Salaam,
Babak:
Babak:  As you know, there are some IPs that are not addressed
Babak:  directly, for example:
Babak:
Babak:  255.255.255.255
Babak:  127.0.0.1
Babak:  10/
Babak:  172.16/31
Babak:  192.168/
Babak:  Is there anything else? If yes, please write all of them and their
Babak:  uses to me.
Babak:
Babak:
Babak:  We know also that we can use IP-spoofing.
Babak:  Is it possible to spoof these IPs above?
Babak:
Babak:  I am debating with myself whether it is possible to spoof these IPs
Babak:  above or not? For example, spoofing 127.0.0.1?
Babak:  I am asking these questions because I have seen these logs in my
Babak:  firewall (in winXP and win2000 and win98) several times.
Babak:
Babak:  This log is for "Outpost firewall's attack detection":
Babak:  9/10/2003 Connection request    217.218.13.150  ICMP(2048)
Babak:  9/10/2003 My address            127.0.0.1
Babak:  9/10/2003 Connection request    127.0.0.1       TCP(1834)
Babak:  9/10/2003 Connection request    217.218.40.152  ICMP(2048)
Babak:
Babak:  And sometimes my local host's IP changes to something else, such as
Babak:  146.0.0.0, etc.
Babak:
Babak:  What program (in Windows OS) is responsible for 127.0.0.1?
Babak:  I think it is possible to spoof this IP (127.0.0.1).
Babak:  Why not?
Babak:  What is your idea?



Yes, it's possible to spoof an IP address.  This was discussed on this
list months ago.  Early July I think.

No program is responsible for 127.0.0.1, unless you consider the OS
itself.  It's a part of the IP protocol.

ftp://ftp.rfc-editor.org/in-notes/rfc791.txt

If your local IP is changing, it seems that your computer goes through a
DHCP server.



 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
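
Added example, not part of the original thread and not Outpost's own code: Python that labels the special-use IPv4 ranges raised in the question and flags connection-request log lines whose source falls in one of them. The log line layout is assumed from the four lines quoted above, the function names are this example's own, and the range list is not exhaustive.

```python
import ipaddress
import re

# Special-use IPv4 blocks; first match wins, so the /32 precedes 240.0.0.0/4.
SPECIAL_USE = [(ipaddress.ip_network(n), label) for n, label in [
    ("0.0.0.0/8", "this network"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("255.255.255.255/32", "limited broadcast"),
    ("240.0.0.0/4", "reserved"),
]]

# Assumed layout: date, event text, IPv4 address, optional protocol(port).
LINE_RE = re.compile(
    r"^(\S+)\s+(.+?)\s+(\d{1,3}(?:\.\d{1,3}){3})(?:\s+(\S+))?$")

def classify(addr):
    """Return the special-use label, 'invalid', or None if not special-use."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "invalid"
    for net, label in SPECIAL_USE:
        if ip in net:
            return label
    return None

def flag_special_sources(lines):
    """List (source, label, protocol) for connection requests from special-use sources."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "Connection request":
            continue  # skips informational lines such as "My address"
        label = classify(m.group(3))
        if label:
            hits.append((m.group(3), label, m.group(4)))
    return hits

# The four log lines quoted in the post.
SAMPLE_LOG = [
    "9/10/2003 Connection request    217.218.13.150  ICMP(2048)",
    "9/10/2003 My address            127.0.0.1",
    "9/10/2003 Connection request    127.0.0.1       TCP(1834)",
    "9/10/2003 Connection request    217.218.40.152  ICMP(2048)",
]

if __name__ == "__main__":
    for src, label, proto in flag_special_sources(SAMPLE_LOG):
        print(f"{src} ({label}) {proto}")
```

A loopback source is only anomalous when the packet arrives on a non-loopback interface, since RFC 1122 requires that 127/8 addresses never appear outside a host. This log layout carries no interface field, so a flagged line still has to be matched against the interface it was seen on.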
