Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network...

From: Michael Boman (michael.boman@securecirt.com)
Date: 11/28/02

  • Next message: Michael Boman: "Re: Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network..."
    Date: Thu, 28 Nov 2002 16:29:44 +0800
    From: Michael Boman <michael.boman@securecirt.com>
    To: Lupe Christoph <lupe@lupe-christoph.de>
    
    
    

    On Thu, Nov 28, 2002 at 09:03:14AM +0100, Lupe Christoph wrote:
    > On Tuesday, 2002-11-26 at 15:41:28 +0800, Michael Boman wrote:
    >
    > > I have a Solaris 7 (sparc) installation, with the recomended patch-batch
    > > installed. This particular installation emits 127.0.0.x addresses on
    > > the ethernet, and I wonder if anyone has any pointers what could cause
    > > this. (ip addresses has changed to protect the guilty).
    >
    > You are answering your own question below.
    >
    > > Routing Table:
    > > Destination Gateway Flags Ref Use Interface
    > > -------------------- -------------------- ----- ----- ------ ---------
    > > 172.20.123.0 172.20.123.24 U 3 31742 hme0
    > > 224.0.0.0 172.20.123.24 U 3 0 hme0
    > > default 172.20.123.1 UG 0 379177
    > > 127.0.0.1 127.0.0.1 UH 0 84159 lo0
    >
    > There is no route for 127.0.0.0/8, only for 127.0.0.1/32. So the default
    > route is used.
    >
    > > Here is a text dump from Ethereal that displays the offensive packets:
    >
    > > Frame 1 (60 on wire, 60 captured)
    > > ...
    > > Internet Protocol, Src Addr: 127.0.0.75 (127.0.0.75), Dst Addr: 108.122.0.0 (108.122.0.0)
    > > ...
    > > Source: 127.0.0.75 (127.0.0.75)
    > ^^
    > > Destination: 108.122.0.0 (108.122.0.0)
    >
    > > Please advice.
    >
    > If you want 127.0.0.0/8 on lo0, route them there. This has been
    > doscussed a while ago on one of the other mailing lists I read, maybe
    > BUGTRAQ. Linux has no route for 127.<anything> and does this
    > automagically. Solaris follows it's routing table.

    Even after I've done this:

    # route add -net 127 127.0.0.1
    # netstat -nr

    Routing Table:
      Destination Gateway Flags Ref Use Interface
    -------------------- -------------------- ----- ----- ------ ---------
    172.20.123.0 172.20.123.24 U 3 32273 hme0
    127.0.0.0 127.0.0.1 U 0 0 lo0
    224.0.0.0 172.20.123.24 U 3 0 hme0
    default 172.20.123.1 UG 0 387272
    127.0.0.1 127.0.0.1 UH 0 96356 lo0

    I still see the source 127.0.0.0/8 on my ethernet from this particular
    machine.

    Any other ideas?

    Best regards
     Michael Boman

    -- 
    Michael Boman
    Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
    http://www.securecirt.com
    
    




    Relevant Pages