Security Basics mailing list archives
Re: security--spoofing 127.0.0.1
From: Luca Falavigna <fala83 () libero it>
Date: Sun, 14 Sep 2003 15:46:58 +0200
It is possible to make a Ip Spoofing attack, especially with UDP packets because of their nature (connectionless). An attack can be performed starting an UDP server on a local machine listening to a port that router/firewall cannot block (i.e. DNS 53) and redirect the information included in the data field to a program (usually a shell...). The solution is to block loopback packets in your firewall.When you're connected to a network, probably there will be a DCHP server, which assigns IP addresses dinamically in order to avoid two different machines having the same IP. Don't worry about that. Be sure that the IP you got from DHCP belongs to your ISP's ones.
Luca Mr Babak Memari ha scritto:
Salaam, As you know there are some IPs that they are not addressed directly,for example: 255.255.255.255 127.0.0.1 10/ 172.16/31 192.168/ Is there anything else?if yes,please write all of them and their uses to me. We know also that we can use IP-spoofing. Is it possible to spoof these IPs above. I am debating with myself whether it is possible to spoof these IPs above or not?For example spoofing 127.0.0.1 ? I am asking these questions because I have seen these logs in my firewall (in winXP and win2000 and win98 ) several times. This logs is for "Outpost firewall`s attack detection" 9/10/2003 Connection request 217.218.13.150 ICMP(2048)9/10/2003 My address 127.0.0.1 9/10/2003 Connection request 127.0.0.1 TCP(1834)9/10/2003 Connection request 217.218.40.152 ICMP(2048) And sometimes my local host`s IP changes to something else such as 146.0.0.0 and etc. What program (in windows OS) is responsible for 127.0.0.1 ?? I think it is possible to spoof this IP ( 127.0.0.1 ) . why not? what is your idea??
---------------------------------------------------------------------------Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
Current thread:
- security--spoofing 127.0.0.1 Mr Babak Memari (Sep 11)
- Re: security--spoofing 127.0.0.1 Birl (Sep 11)
- Re: security--spoofing 127.0.0.1 Luca Falavigna (Sep 15)