Solaris and lack of loopback routes

From: Jon (warchild@spoofed.org)
Date: 07/30/02


Date: Mon, 29 Jul 2002 23:14:15 -0400
From: Jon <warchild@spoofed.org>
To: focus-sun@securityfocus.com

Greetings,
                                                                                                                                    
Let me appologize in advance if this isn't totally appropriate content for
this list -- all my other resources have turned up dry.
                                                                                                                                    
I'm curious why Solaris (2.6 and 5.8) doesn't have a route for the loopback
network (127.0.0.0/8). On all the Solaris systems I could get my hands on
(some 2.6, some 5.8, some bare-bones, some highly customized), none of them
have routes for traffic destined for the loopback network.
                                                                                                                                    
This has recently become a problem when dealing with spam. I've been
seeing a number of large spamming runs that use a from address whos IP and
MX resolve to something on the loopback network. On the outside chance
that a user tries to respond to the spam, or the spam bounces for whatever
reason, it tries to return to the loopback network. Since these Solaris
machines seem to have no knowledge of the loopback network, they simply
spew the traffic out over their default interface, and the traffic just
floats around for 4 days or so until the MTA decides to give up.
                                                                                                                                    
Obviously I could just add a route for the loopback network and be done
with it. All of the Linux and *BSD boxen I've dealt with have a route for
the loopback network, but Solaris seems to lack this. Does anyone know why
this is or can forsee any (Solaris-specific) downsides?
                                                                                                                                    
Thanks in advance,
                                                                                                                                    
-jon