Re: Attacking the loopback interface from the network
From: athegates (athegates@gates.com)
Date: 03/25/03
- Next message: memimi: "Re: port and process info"
- Previous message: Colnel Panic: "Big Website Hack Documented"
- In reply to: Sean O'Connell: "Attacking the loopback interface from the network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "athegates" <athegates@gates.com> Date: Tue, 25 Mar 2003 01:40:00 GMT
Just looked over your post and I'd say someone would have to have internal
access to even get close to the loopback address.
So to make this happen one would need to take control of another inside
device and then redirect the inside resource toward your device with the
loopback address.
Now they can go after it. That's alot of hacking to ever get that far. They
basically have to breakin and then pull a u_turn to go back out towards your
device. Possible, sure. Practical, no.
http://www.elitelinux.com/forum.php
"Sean O'Connell" <sean.oconnell@guardeonic.com> wrote in message
news:b5n4g1$jpl$1@kermit.esat.net...
> Hi,
>
> I want to find out if it is possible to carry out a network based attack
on
> a host's loopback interface. If I have an application exchanging sensitive
> data (in the clear) to a local based security proxy that is in turn
> listening on the loopback interface i.e. 127.0.0.1, and that proxy is
> securing the data for subsequent Tx over the net. Given this common
> configuration, is it possible to launch an attack on the application,
since
> it is relying on all input/output data coming from the proxy server. Could
I
> somehow establish a data exchange with the end application from an
attacker
> based on the network baring in mind that the application is only
exchnaging
> data with the loopback interface. This approach is used a lot today by
> "Security products" that try to make application transmissions secure
> without changing the original application. For example an e-mail product.
I
> know that W2K has IP forwarding turning on by default which means that
> packets from the eth0 interface should be routed to the loopback
interface.
> However, I have not seen any description on how eth0 would handle a
> 127.0.0.1 destination package received from the Network, especially if it
> contains a hackers src address, so a valid response can be returned.
>
> I would appreciate any help on this problem and suggestions on how you
could
> carry out this attack or indeed a definitive answer to say no
> because of the following reasons.....
>
> TIA
>
> Sean O'Connell
>
>
>
>
- Next message: memimi: "Re: port and process info"
- Previous message: Colnel Panic: "Big Website Hack Documented"
- In reply to: Sean O'Connell: "Attacking the loopback interface from the network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
