Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network...

From: Michael Boman (michael.boman@securecirt.com)
Date: 11/26/02

  • Next message: Jan-Philip Velders: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
    Date: Tue, 26 Nov 2002 15:41:28 +0800
    From: Michael Boman <michael.boman@securecirt.com>
    To: focus-sun@securityfocus.com
    
    
    

    Hi there,

    I have a Solaris 7 (sparc) installation, with the recomended patch-batch
    installed. This particular installation emits 127.0.0.x addresses on
    the ethernet, and I wonder if anyone has any pointers what could cause
    this. (ip addresses has changed to protect the guilty).

    # ifconfig -a
    lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
            inet 127.0.0.1 netmask ff000000
    hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 172.20.123.24 netmask ffffff00 broadcast 172.20.123.255
            ether 8:0:20:c4:ad:45

    # netstat -nr

    Routing Table:
      Destination Gateway Flags Ref Use Interface
    -------------------- -------------------- ----- ----- ------ ---------
    172.20.123.0 172.20.123.24 U 3 31742 hme0
    224.0.0.0 172.20.123.24 U 3 0 hme0
    default 172.20.123.1 UG 0 379177
    127.0.0.1 127.0.0.1 UH 0 84159 lo0

    Here is a text dump from Ethereal that displays the offensive packets:

    Frame 1 (60 on wire, 60 captured)
        Arrival Time: Nov 22, 2002 11:39:49.573028000
        Time delta from previous packet: 0.000000000 seconds
        Time relative to first packet: 0.000000000 seconds
        Frame Number: 1
        Packet Length: 60 bytes
        Capture Length: 60 bytes
    Ethernet II
        Destination: 00:00:0c:07:ac:02 (Cisco_07:ac:02)
        Source: 08:00:20:c4:ad:45 (Sun_c4:ad:45)
        Type: IP (0x0800)
        Trailer: 55555555555555555555555555555555...
    Internet Protocol, Src Addr: 127.0.0.75 (127.0.0.75), Dst Addr: 108.122.0.0 (108.122.0.0)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x07 (DSCP 0x01: Unknown DSCP; ECN: 0x03)
            0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
            .... ..1. = ECN-Capable Transport (ECT): 1
            .... ...1 = ECN-CE: 1
        Total Length: 20
        Identification: 0xe7c9
        Flags: 0x04
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 255
        Protocol: IPv6 hop-by-hop option (0x00)
        Header checksum: 0xa853 (correct)
        Source: 127.0.0.75 (127.0.0.75)
        Destination: 108.122.0.0 (108.122.0.0)

    Please advice.

    Best regards
     Michael Boman

    -- 
    Michael Boman
    Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
    http://www.securecirt.com
    
    




    Relevant Pages

    • Re: Embedded ethernet advice.
      ... > But when an ethernet and a tcp/ip stack is added, ... packaged up into bundles called packets, a header is tacked onto the ... beginning of each packet, and the packet moves as one piece across the ... get at the IP packet to get at the TCP packet to get at your byte. ...
      (comp.arch.embedded)
    • Re: ARP - IP but why?
      ... The Network layer keeps track of logical addresses, and Ethernet handles delivery to a specific device. ... Since an IP address can be assigned to any ethernet device, it is utilized to associate an IP address to a real-world computer, printer, whatever. ... Once the network layer builds the TCP packet with a destination IP address, it hands it down to the link layer. ...
      (comp.os.linux.networking)
    • Re: Polling For 100 mbps Connections? (Was Re: Freebsd Theme Song)
      ... Polling For 100 mbps Connections? ... from the network into the ethernet receiver. ... It takes a certain amount of time to get the packet out of ... not in the ethernet driver code. ...
      (freebsd-questions)
    • Re: AFP protocol
      ... I met, in the 1980s, plenty of workstations hooked up to Ethernet ... reasonable sized black coax cables that use BNC sockets, ... and another 500m off each repeater. ... The 64 byte minimum packet size for Ethernet, the 1500m limit, and the ...
      (uk.comp.sys.mac)
    • Re: DHCP serving more than one subnet (longish)
      ... DHCP packets are really ethernet packets whose contents are formatted as TCPIP ... packets to allow a host's ethernet layer to pass the packet onto the TCPIP stack. ... The response from the server is sent as an ethernet packet adressed ...
      (comp.os.vms)