Re: How safe for firewall rule using 127.0.0.0/8
From: Somebody. (somebody._at_spamout.russdoucet.com)
Date: Tue, 25 Oct 2005 23:48:40 -0400
"Moe Trin" <firstname.lastname@example.org> wrote in message
> In the Usenet newsgroup comp.security.firewalls, in article
> <email@example.com>, firstname.lastname@example.org
>>We found that we need to enable the following firewall rule in order to
>>run one of our applications
>>Remote Address: 127.0.0.0/8
> Which interface? Every computer knows that 127.0.0.1 is "me". Some
> operating systems understand that _any_ address between 127.0.0.0 and
> 127.255.255.254 should also be "this" computer. It's used to allow
> one application to talk to another on this computer.
> There can not be any valid packets OF ANY KIND with that source address
> on ANY network. ISPs who have their head out of their ass should be
> dropping packets with that address (see RFC2827) anywhere they are
> seen on a network. The smart firewall administrator also blocks these
> packets ON THE NETWORK INTERFACES. You appear to be using windoze, which
> tries to hide technical details, but if you open a dos box
> and enter "route print" - you will see two (or sometimes more) interfaces,
> one of which is 127.0.0.1, and _that_ interface should be permitted.
>>Is it safe to include this rule? Any example to attack machines with
> Denial of service attacks - trying to waste bandwidth. If a packet
> arrives over the network with a "source" address of 127.0.0.1, your
> computer doesn't know what to do with it, and may get confused.
> Old guy
Hey Moe, how about my SSL VPN client example? What do you think?
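
Added example, not part of the original thread: a small Python evaluator for the rule discussed above (127.0.0.0/8 is permitted on the loopback interface and dropped on any network interface), run over constructed log records. The interface name "lo", the KEY=value record layout and the verdict strings are assumptions; the check is also extended to loopback destination addresses seen on a network interface, which goes slightly beyond the source-address case in the thread.

```python
import ipaddress
import re

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_IFACES = {"lo"}  # assumption: name of this host's loopback interface
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample records in a KEY=value layout (not real firewall logs).
SAMPLE_LOG = """\
IN=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP DPT=8443
IN=eth0 SRC=127.0.0.1 DST=192.0.2.10 PROTO=UDP DPT=53
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
IN=eth0 SRC=127.44.3.9 DST=192.0.2.10 PROTO=ICMP
IN=eth0 SRC=198.51.100.7 DST=127.0.0.1 PROTO=TCP DPT=25
IN=eth0 SRC=not-an-ip DST=192.0.2.10 PROTO=TCP DPT=80
"""


def in_loopback(text):
    """True/False for membership in 127.0.0.0/8; None if text is not an IP address."""
    try:
        return ipaddress.ip_address(text) in LOOPBACK_NET
    except ValueError:
        return None


def verdict(record):
    """Apply the rule to one record: 127/8 is only valid on the loopback interface."""
    fields = dict(FIELD_RE.findall(record))
    iface = fields.get("IN", "")
    src = in_loopback(fields.get("SRC", ""))
    dst = in_loopback(fields.get("DST", ""))
    if src is None or dst is None:
        return "DROP malformed address"
    if iface in LOOPBACK_IFACES:
        return "ACCEPT"  # local application-to-application traffic
    if src:  # any address in 127.0.0.0/8, not only 127.0.0.1
        return "DROP loopback source on network interface"
    if dst:
        return "DROP loopback destination on network interface"
    return "PASS to remaining rules"


def evaluate(log_text):
    return [(line, verdict(line)) for line in log_text.splitlines() if line.strip()]

if __name__ == "__main__":
    for line, result in evaluate(SAMPLE_LOG):
        print(f"{result:48} {line}")
```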