Re: Trusting localhost?

From: Felipe Franciosi (ozzybugt_at_terra.com.br)
Date: 07/29/03

    Date: Tue, 29 Jul 2003 09:04:29 -0300
    To: secprog@securityfocus.com
    
    

    > If you are creating an application that communicates using TCP, but
    > only want to take requests from the localhost, are there reasons why
    > you would not want to check that the incoming request is from
    > localhost and then trust it? This is in a Windows environment.

    Hello there Craig.

    I guess it's all about "where" you are binding your socket. If you do
    it on your "loopback" interface (in Windows I guess it's just called
    the "127.0.0.1" interface), then the socket will be unavailable to
    any packet arriving through your network card(s).

    If you bind your socket to 0.0.0.0 (that is, INADDR_ANY), the kernel
    will bind it to all interfaces available. See it:

    purgatory:/usr/include# find . -type f -print | xargs grep INADDR_ANY
    ./netinet/in.h:#define INADDR_ANY ((in_addr_t) 0x00000000)
    ./linux/in.h:#define INADDR_ANY ((unsigned long int) 0x00000000)
    purgatory:/usr/include#

    (INADDR_ANY is the same as 0.0.0.0, typecast).

    For more information on this, I recommend reading Beej's Network
    Programming Guide and a great book named Unix Network Programming.

    > Would IP spoofing work if the application was checking for the IP
    > address 127.0.0.1? If so, how likely is it that IP spoofing would
    > work today, in a corporate environment?

    You can always set access lists on switches and routers to avoid traffic
    of packets from and to "local" (127.0.0.0/8) addresses over the network.

    Although binding the socket to your loopback interface should not expose
    your socket to network interfaces, I have seen several OSs with some ARP
    handling problems, over which an attack can be crafted to access sockets
    bound on other interfaces.

    > Thank you for any direction you can provide.

    Best of luck,
    Felipe

    -- 
    Felipe Franciosi <ozzybugt@terra.com.br>
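
The bind choice described in the message above, as an added example that is not part of the original post: a listener bound to the loopback address versus INADDR_ANY, plus a peer-address check on accept. It assumes POSIX sockets (on Windows the same calls need the Winsock headers and WSAStartup), and all helper names are hypothetical.

```c
/* Added example (POSIX sockets assumed); helper names are hypothetical. */
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* True if the address lies in 127.0.0.0/8. */
int is_loopback(const struct sockaddr_in *a) {
    return a->sin_family == AF_INET && (ntohl(a->sin_addr.s_addr) >> 24) == 127;
}

/* TCP listener on bind_addr (host byte order), ephemeral port; -1 on error. */
int make_listener(uint32_t bind_addr) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(bind_addr);  /* sin_port stays 0: kernel picks */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* 1 if the listener's local address is loopback, 0 if not, -1 on error. */
int listener_is_loopback_only(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return is_loopback(&sa);
}

/* Accept one connection; drop it unless the peer address is loopback. */
int accept_local_only(int lfd) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int c = accept(lfd, (struct sockaddr *)&peer, &len);
    if (c >= 0 && !is_loopback(&peer)) { close(c); c = -1; }
    return c;
}

int main(void) {
    int lo = make_listener(INADDR_LOOPBACK), any = make_listener(INADDR_ANY);
    printf("%d %d\n", listener_is_loopback_only(lo), listener_is_loopback_only(any));
    return 0;
}
```

The bind address is what keeps the port off the network interfaces; the check in accept_local_only is a second layer for a listener that ends up on INADDR_ANY.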
    
