Re: How safe for firewall rule using 127.0.0.0/8

From: Somebody. (somebody._at_spamout.russdoucet.com)
Date: 10/26/05


Date: Tue, 25 Oct 2005 23:48:40 -0400


"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndlt43g.229.ibuprofin@compton.phx.az.us...
> In the Usenet newsgroup comp.security.firewalls, in article
> <1130223645.713308.28390@z14g2000cwz.googlegroups.com>, mclo@asia.com
> wrote:
>
>>We found that we need to enable the following firewall rule in order to
>>run one of our application
>
>>Remote Address: 127.0.0.0/8
>
> Which interface? Every computer knows that 127.0.0.1 is "me". Some
> operating systems understand that _any_ address between 127.0.0.0 and
> 127.255.255.254 should also be "this" computer. It's used to allow
> one application to talk to another on this computer.
>
> There cannot be valid packets OF ANY KIND with that source address
> on ANY network. ISPs who have their head out of their ass should be
> dropping packets with that address (see RFC2827) anywhere they are
> seen on a network. The smart firewall administrator also blocks these
> packets ON THE NETWORK INTERFACES. You appear to be using windoze, which
> tries to hide technical details, but if you open a dos box
> (Start/Run.../cmd) and enter "route print", you will see two (or
> sometimes more) interfaces, one of which is 127.0.0.1, and _that_
> interface should be permitted.
>
>>Is it safe to include this rule. Any example to attack machines with
>>this rule?
>
> Denial of service attacks - trying to waste bandwidth. If a packet
> arrives over the network with a "source" address of 127.0.0.1, your
> computer doesn't know what to do with it, and may get confused.
>
> Old guy

Hey Moe, how about my SSL VPN client example? What do you think?

-Russ.
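The point Moe makes above, that a 127.0.0.0/8 rule is only safe when it is tied to the loopback interface and that the same addresses must be dropped on every network interface, is easy to express as an interface-aware filter. The following is an added illustration, not code from either poster: it models the per-interface decision over a few constructed packets. The `Packet` class, the `check_packet` function and the interface name `lo` are assumptions for the example; it also treats IPv6 `::1` as loopback, which goes slightly beyond the thread's IPv4-only discussion.

```python
import ipaddress
from dataclasses import dataclass

# Assumed model of what a host firewall sees: the interface a packet
# arrived on (or is leaving by), plus its source and destination.
@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    dst: str
    proto: str = "tcp"

# Interfaces on which loopback addresses are legitimate. "lo" is the
# usual Linux name; on Windows "route print" shows it as the 127.0.0.1
# interface. Adjust for the host in question.
LOOPBACK_IFACES = frozenset({"lo"})

def check_packet(pkt, loopback_ifaces=LOOPBACK_IFACES):
    """Return (verdict, reason) for one packet.

    Policy (from the thread): 127.0.0.0/8 is only ever "this machine",
    so it is accepted on the loopback interface and dropped anywhere
    else, in either the source or destination field. This mirrors the
    RFC 2827 ingress-filtering idea: a source address that cannot
    legitimately arrive on an interface is discarded there.
    """
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # .is_loopback covers all of 127.0.0.0/8 and IPv6 ::1.
    src_lb, dst_lb = src.is_loopback, dst.is_loopback
    on_lo = pkt.iface in loopback_ifaces

    if on_lo:
        if src_lb and dst_lb:
            return ("ACCEPT", "local inter-process traffic on loopback")
        return ("DROP", "non-loopback address seen on loopback interface")
    if src_lb:
        return ("DROP", "loopback source on network interface (spoofed, RFC 2827)")
    if dst_lb:
        return ("DROP", "loopback destination on network interface")
    return ("ACCEPT", "ordinary traffic")

def apply_policy(packets, loopback_ifaces=LOOPBACK_IFACES):
    """Run the check over a batch and return {verdict: count}."""
    counts = {"ACCEPT": 0, "DROP": 0}
    for pkt in packets:
        verdict, _ = check_packet(pkt, loopback_ifaces)
        counts[verdict] += 1
    return counts

# Constructed sample traffic; 192.0.2.0/24 and 198.51.100.0/24 are the
# RFC 5737 documentation ranges, not real hosts.
SAMPLE = [
    Packet("lo", "127.0.0.1", "127.0.0.1"),              # app talking to itself
    Packet("lo", "127.0.0.1", "127.53.0.9"),             # still loopback on both sides
    Packet("eth0", "127.0.0.1", "192.0.2.10"),           # spoofed loopback source
    Packet("eth0", "198.51.100.7", "127.0.0.1"),         # loopback dst from the wire
    Packet("eth0", "198.51.100.7", "192.0.2.10"),        # normal packet
    Packet("lo", "192.0.2.10", "127.0.0.1"),             # odd: real address on lo
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        verdict, reason = check_packet(pkt)
        print(f"{pkt.iface:5} {pkt.src:>14} -> {pkt.dst:<14} {verdict:6} {reason}")
    print(apply_policy(SAMPLE))
```

The practical reading of this for the original question: the rule "Remote Address: 127.0.0.0/8" is harmless only if the firewall product applies it to the loopback interface alone. If it is applied globally, the host will accept packets from the wire that claim to be itself, which is exactly the case Moe describes as the denial-of-service and confusion risk.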


