Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network...

• Previous message: Lupe Christoph: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• In reply to: Lupe Christoph: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• Next in thread: Michael Boman: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 28 Nov 2002 16:29:44 +0800
From: Michael Boman <michael.boman@securecirt.com>
To: Lupe Christoph <lupe@lupe-christoph.de>

On Thu, Nov 28, 2002 at 09:03:14AM +0100, Lupe Christoph wrote:
> On Tuesday, 2002-11-26 at 15:41:28 +0800, Michael Boman wrote:
>
> > I have a Solaris 7 (sparc) installation, with the recomended patch-batch
> > installed. This particular installation emits 127.0.0.x addresses on
> > the ethernet, and I wonder if anyone has any pointers what could cause
> > this. (ip addresses has changed to protect the guilty).
>
> You are answering your own question below.
>
> > Routing Table:
> > Destination Gateway Flags Ref Use Interface
> > -------------------- -------------------- ----- ----- ------ ---------
> > 172.20.123.0 172.20.123.24 U 3 31742 hme0
> > 224.0.0.0 172.20.123.24 U 3 0 hme0
> > default 172.20.123.1 UG 0 379177
> > 127.0.0.1 127.0.0.1 UH 0 84159 lo0
>
> There is no route for 127.0.0.0/8, only for 127.0.0.1/32. So the default
> route is used.
>
> > Here is a text dump from Ethereal that displays the offensive packets:
>
> > Frame 1 (60 on wire, 60 captured)
> > ...
> > Internet Protocol, Src Addr: 127.0.0.75 (127.0.0.75), Dst Addr: 108.122.0.0 (108.122.0.0)
> > ...
> > Source: 127.0.0.75 (127.0.0.75)
> ^^
> > Destination: 108.122.0.0 (108.122.0.0)
>
> > Please advice.
>
> If you want 127.0.0.0/8 on lo0, route them there. This has been
> doscussed a while ago on one of the other mailing lists I read, maybe
> BUGTRAQ. Linux has no route for 127.<anything> and does this
> automagically. Solaris follows it's routing table.

Even after I've done this:

# route add -net 127 127.0.0.1
# netstat -nr

Routing Table:
  Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
172.20.123.0 172.20.123.24 U 3 32273 hme0
127.0.0.0 127.0.0.1 U 0 0 lo0
224.0.0.0 172.20.123.24 U 3 0 hme0
default 172.20.123.1 UG 0 387272
127.0.0.1 127.0.0.1 UH 0 96356 lo0

I still see the source 127.0.0.0/8 on my ethernet from this particular
machine.

Any other ideas?

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com

• application/pgp-signature attachment: stored

• Next message: Michael Boman: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• Previous message: Lupe Christoph: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• In reply to: Lupe Christoph: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• Next in thread: Michael Boman: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]