Security Basics mailing list archives
Re: security--spoofing 127.0.0.1
From: Birl <sbirl () temple edu>
Date: Thu, 11 Sep 2003 12:36:46 -0400 (EDT)
As it was written on Sep 10, thus Mr Babak Memari typed:

Babak: Salaam,
Babak:
Babak: As you know there are some IPs that they are not addressed
Babak: directly, for example:
Babak:
Babak: 255.255.255.255
Babak: 127.0.0.1
Babak: 10/
Babak: 172.16/31
Babak: 192.168/
Babak: Is there anything else? If yes, please write all of them and their
Babak: uses to me.
Babak:
Babak:
Babak: We know also that we can use IP-spoofing.
Babak: Is it possible to spoof these IPs above.
Babak:
Babak: I am debating with myself whether it is possible to spoof these IPs
Babak: above or not? For example spoofing 127.0.0.1?
Babak: I am asking these questions because I have seen these logs in my
Babak: firewall (in winXP and win2000 and win98) several times.
Babak:
Babak: This log is for "Outpost firewall's attack detection"
Babak: 9/10/2003 Connection request 217.218.13.150 ICMP(2048)
Babak: 9/10/2003 My address 127.0.0.1
Babak: 9/10/2003 Connection request 127.0.0.1 TCP(1834)
Babak: 9/10/2003 Connection request 217.218.40.152 ICMP(2048)
Babak:
Babak: And sometimes my local host's IP changes to something else such as
Babak: 146.0.0.0 and etc.
Babak:
Babak: What program (in windows OS) is responsible for 127.0.0.1??
Babak: I think it is possible to spoof this IP (127.0.0.1).
Babak: Why not?
Babak: What is your idea??

Yes, it's possible to spoof an IP address.
This was discussed on this list months ago. Early July I think.

No program is responsible for 127.0.0.1, unless you consider the OS itself.
It's a part of the IP protocol.

ftp://ftp.rfc-editor.org/in-notes/rfc791.txt

If your local IP is changing, it seems that your computer goes through a DHCP
server.

Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator
Computer Services
Temple University
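Added example, not part of the original thread or of Outpost itself: a small Python check that runs over the four log lines quoted in the question and flags connection requests whose address falls in a special-use IPv4 block. It assumes the column layout seen in those lines and treats the address column as the packet's source; `classify` and `suspicious_sources` are hypothetical helper names.

```python
import ipaddress
import re

# Special-use IPv4 blocks: none is a valid source for a packet from the Internet.
SPECIAL_USE = [(ipaddress.ip_network(c), label) for c, label in [
    ("0.0.0.0/8", "this network"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved, incl. limited broadcast 255.255.255.255"),
]]

# Assumed layout (from the quoted lines): date, event, address, optional PROTO(number).
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<event>Connection request|My address)\s+"
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})(?:\s+(?P<proto>\w+)\((?P<num>\d+)\))?\s*$"
)

def classify(addr):
    """Return the special-use label for addr, or None for ordinary unicast."""
    ip = ipaddress.ip_address(addr)
    return next((label for net, label in SPECIAL_USE if ip in net), None)

def suspicious_sources(lines):
    """Yield (date, addr, label) for connection requests from special-use addresses."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "Connection request":
            continue  # skip unparsable lines and the "My address" record
        label = classify(m["addr"])  # address column assumed to be the source
        if label:
            yield m["date"], m["addr"], label

# The four log lines quoted in the question.
SAMPLE = [
    "9/10/2003 Connection request 217.218.13.150 ICMP(2048)",
    "9/10/2003 My address 127.0.0.1",
    "9/10/2003 Connection request 127.0.0.1 TCP(1834)",
    "9/10/2003 Connection request 217.218.40.152 ICMP(2048)",
]

if __name__ == "__main__":
    for date, addr, label in suspicious_sources(SAMPLE):
        print(f"{date}: source {addr} is {label}; check which interface it arrived on")
```

A loopback source seen on the loopback interface is ordinary local traffic; the same source on an external interface cannot be legitimate and should be dropped at the filter.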
Current thread:
- security--spoofing 127.0.0.1 Mr Babak Memari (Sep 11)
- Re: security--spoofing 127.0.0.1 Birl (Sep 11)
- Re: security--spoofing 127.0.0.1 Luca Falavigna (Sep 15)