Date:      Mon, 15 May 2000 17:35:31 -0700 (PDT)
From:      Archie Cobbs <archie@whistle.com>
To:        krentel@dreamscape.com (Mark W. Krentel)
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: rc.firewall rule 200
Message-ID:  <200005160035.RAA53894@bubba.whistle.com>
In-Reply-To: <200005160016.UAA02420@dreamscape.com> from "Mark W. Krentel" at "May 15, 2000 08:16:43 pm"

Mark W. Krentel writes:
> > The point of these two rules is to disallow someone on another
> > (locally networked) machine from doing this:
> > 
> >   ifconfig lo0 down delete
> >   route add 127.0.0.0 <your-machine-ip-address>
> >   telnet 127.0.0.1
> 
> Ok, good point.  But this attack can only be launched from one hop
> away, right?  A legitimate machine would not forward a packet destined
> for 127.0.0.1, so the attacker has to be one hop away.

Right.

> But my original question still stands.  Isn't it equally important to
> block packets from 127.0.0.0/8 that are not over loopback?  On the

It's not equally important because your machine would normally
not reply to any such packet, where in the other case it would.

So it's actually less important to block than "normally source addressed"
packets, from a security point of view...

However, from a network cleanliness/sanity point of view, sure it's
probably a good idea to block them, along with RFC 1918 addresses, etc.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
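The rule ordering the thread discusses, as an added example that is not part of this message or of FreeBSD's rc.firewall: a small first-match evaluator in which rules 100 and 200 follow the rc.firewall rules referred to above, rule 300 is the "from 127.0.0.0/8 off loopback" rule Mark asks about, and 400-420 are the RFC 1918 filters mentioned at the end. The interface names fxp0/ed0, the rule numbers for 300 and up, and the simplified tuple rule syntax are assumptions for illustration.

```python
import ipaddress

# Added example (not from the thread or rc.firewall): a minimal first-match
# evaluator for the rules under discussion.  Interface "ed0" is an assumed
# external interface; rule syntax is a simplified tuple form, not real ipfw.
EXTERNAL_IF = "ed0"  # hypothetical external interface name

# (rule number, action, source network, destination network, interface or None)
RULES = [
    (100, "pass", "0.0.0.0/0", "0.0.0.0/0", "lo0"),   # pass everything via lo0
    (200, "deny", "0.0.0.0/0", "127.0.0.0/8", None),  # nothing else may go TO 127/8
    (300, "deny", "127.0.0.0/8", "0.0.0.0/0", None),  # nothing else may come FROM 127/8
    (400, "deny", "10.0.0.0/8", "0.0.0.0/0", EXTERNAL_IF),      # RFC 1918 sources
    (410, "deny", "172.16.0.0/12", "0.0.0.0/0", EXTERNAL_IF),   # seen on the
    (420, "deny", "192.168.0.0/16", "0.0.0.0/0", EXTERNAL_IF),  # external side
]


def evaluate(src, dst, iface):
    """Return (rule number, action) of the first rule matching a packet.

    A rule carrying an interface matches only packets seen on that interface.
    The catch-all 65535 is assumed to pass here; a real kernel's default rule
    depends on how it was built.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, snet, dnet, ifc in RULES:
        if ifc is not None and ifc != iface:
            continue
        if s in ipaddress.ip_network(snet) and d in ipaddress.ip_network(dnet):
            return number, action
    return 65535, "pass"


# Constructed sample packets: (src, dst, interface seen on, note)
SAMPLES = [
    ("127.0.0.1", "127.0.0.1", "lo0", "ordinary loopback traffic"),
    ("192.168.1.5", "127.0.0.1", "fxp0", "127.0.0.1 destination arriving on the LAN side"),
    ("127.0.0.5", "192.168.1.2", "fxp0", "127/8 source arriving on the LAN side"),
    ("10.1.2.3", "203.0.113.4", "ed0", "RFC 1918 source on the external side"),
    ("198.51.100.9", "203.0.113.4", "ed0", "ordinary Internet traffic"),
]

if __name__ == "__main__":
    for src, dst, iface, note in SAMPLES:
        number, action = evaluate(src, dst, iface)
        print(f"rule {number:5d} {action:4s} {src:>13s} -> {dst:<13s} via {iface:4s} ({note})")
```

The second sample shows why rule 200 matters: the loopback destination is reached first on a non-loopback interface and is dropped before the host would answer it, while the third sample is the case the reply calls less critical, since any answer to a 127/8 source would never leave the host anyway.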

