> >Any attempt to send a packet to 127.0.0.1 will create a loop back on your machine
> >TCP/IP stack so it will not get out.
> >even if you modify the stack itself most routers and for sure firewalls will
> >not forward, they will be confused to think that it is their own packet.
>
> I think Frank was talking about a packet with 127.0.0.1 as its source address not destination.

Actually both. The problem is that I have an ACL which I want to
only permit 127.0.0.1 to connect. Obviously, IP spoofing will defeat
this ACL, but if the attacker cannot see responses then I have an OK
workaround for this particular application. Unfortunately blocking
source routing and forged packets at an upstream router or firewall
is not an option this time.
So, my concern is that source routing can be applied by the
attacker to get responses back. If, for example, source routing
is applied before standard routing, then this would seem like maybe
it might work. Certainly the packets _shouldn't_ make it back,
but does the practice match the theory? I don't think '127.0.0.1'
has any special status in the stack really, other than it happens
to be routed over the loopback interface. This, and the fact that
these packets "don't arise in nature" (so probably no one's ever
tried this) is what has me worried. [And did I mention that this
is a Microsoft stack :-) :-) ? ]
Cheers,
Frank O'Dwyer