Re: [Full-Disclosure] Odd packet?
From: Maarten (fulldisc_at_ultratux.org)
To: Disclosure Full <firstname.lastname@example.org> Date: Tue, 25 May 2004 23:57:33 +0200
On Tuesday 25 May 2004 22:35, Steffen Schumacher wrote:
> On 25.05.2004 21:55:19 +0000, Maarten wrote:
> > On Tuesday 25 May 2004 15:57, Gregh wrote:
> > > Getting quite a few 127.0.0.1 on differing ports lately and I know it
> > > isn't originating FROM this machine. Haven't sniffed any packets but
> > > they come up in logs.
> > Not saying what you see must be wrong but, if your routing / packetfilter
> > / kernelsettings were properly configured you would not ever get these
> > packets as they would be dropped before they would reach your machine.
> > If not your ISP, then you (indeed everyone) should always drop packets
> > coming from interfaces they _cannot_ originate from. Antispoofing,
> > that's called. Especially 127.x.x.x is not routed by any ISP which is
> > worth their name.
> Logs may still detect packets constructed with a 127/8 address.
> However, as you said, no ISP, which has to follow rules and regulations in
> the western world allows spoofing of or even routing of the 127/8 net.
> So Maarten, if you want to write again, please have packetdumps proving you
Hum... Aren't you confusing me with Gregh, the OP ?
And if not, what do you want me to prove ? That 127.0.0.1 is not routed...?
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html