From owner-freebsd-ipfw Mon May 15 17:35:40 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 177AB37B5CF
	for ; Mon, 15 May 2000 17:35:38 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.3/8.9.2) id RAA53894;
	Mon, 15 May 2000 17:35:31 -0700 (PDT)
From: Archie Cobbs
Message-Id: <200005160035.RAA53894@bubba.whistle.com>
Subject: Re: rc.firewall rule 200
In-Reply-To: <200005160016.UAA02420@dreamscape.com> from "Mark W. Krentel" at "May 15, 2000 08:16:43 pm"
To: krentel@dreamscape.com (Mark W. Krentel)
Date: Mon, 15 May 2000 17:35:31 -0700 (PDT)
Cc: freebsd-ipfw@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark W. Krentel writes:
> > The point of these two rules is to disallow someone on another
> > (locally networked) machine from doing this:
> >
> >   ifconfig lo0 down delete
> >   route add 127.0.0.0
> >   telnet 127.0.0.1
>
> Ok, good point.  But this attack can only be launched from one hop
> away, right?  A legitimate machine would not forward a packet destined
> for 127.0.0.1, so the attacker has to be one hop away.

Right.

> But my original question still stands.  Isn't it equally important to
> block packets from 127.0.0.0/8 that are not over loopback?  On the

It's not equally important, because your machine would normally not reply
to any such packet, whereas in the other case it would. So it's actually
less important to block than "normally source addressed" packets, from a
security point of view...

However, from a network cleanliness/sanity point of view, sure, it's
probably a good idea to block them, along with RFC 1918 addresses, etc.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.   *   http://www.whistle.com
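To make the two cases in the thread concrete, here is an added example (mine, not code from the thread or from FreeBSD) that models ipfw's first-match evaluation over the loopback rules of rc.firewall: rule 200 from the subject line, the usual "pass via lo0" rule that precedes it, and the source-side rule Mark asks about. The numbers 100 and 300 and the interface name fxp0 are assumptions; the packets are constructed. Running it shows that a packet for 127.0.0.1 arriving on an Ethernet interface is dropped by rule 200, a spoofed 127.x source on Ethernet is dropped by the source-side rule, and real loopback traffic passes.

```python
"""Minimal evaluator for a subset of ipfw rule syntax, to show which
rc.firewall-style loopback rule fires for a given packet.  Added example,
not FreeBSD code.  ipfw walks rules in ascending number order and the
first match decides, which is what first_match() reproduces."""
import ipaddress


class Rule:
    def __init__(self, number, action, src, dst, via):
        self.number = number   # rule number; ipfw evaluates in ascending order
        self.action = action   # "pass" or "deny"
        self.src = src         # IPv4Network, or None for "any"
        self.dst = dst         # IPv4Network, or None for "any"
        self.via = via         # interface name, or None for "any interface"


def _parse_addr(token):
    """'any' matches everything; anything else must be an address or CIDR block."""
    if token == "any":
        return None
    return ipaddress.ip_network(token, strict=False)


def parse_rule(text):
    """Parse 'add N (pass|deny) (all|ip) from SRC to DST [via IFACE]'.
    Only this subset of ipfw syntax is supported."""
    t = text.split()
    if len(t) not in (8, 10) or t[0] != "add" or t[4] != "from" or t[6] != "to":
        raise ValueError("unsupported rule: " + text)
    if t[2] not in ("pass", "deny"):
        raise ValueError("unsupported action: " + t[2])
    via = None
    if len(t) == 10:
        if t[8] != "via":
            raise ValueError("unsupported option: " + t[8])
        via = t[9]
    return Rule(int(t[1]), t[2], _parse_addr(t[5]), _parse_addr(t[7]), via)


# Rule 200 is the one the thread discusses.  Rule 100 (pass everything via
# lo0) and rule 300 (the source-side check Mark asks for) are my assumption
# of how the surrounding rc.firewall section looks.
RULES = [parse_rule(r) for r in (
    "add 100 pass all from any to any via lo0",
    "add 200 deny all from any to 127.0.0.0/8",
    "add 300 deny ip from 127.0.0.0/8 to any",
)]


def first_match(rules, src, dst, iface):
    """Return the first rule matching a packet (src, dst, interface), or None
    when nothing in this section matches and evaluation would continue."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.number):
        if r.src is not None and s not in r.src:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        if r.via is not None and r.via != iface:
            continue
        return r
    return None


def verdict(src, dst, iface):
    """Human-readable decision for one packet."""
    r = first_match(RULES, src, dst, iface)
    if r is None:
        return "no loopback rule matched; evaluation continues"
    return "%s by rule %d" % (r.action, r.number)


if __name__ == "__main__":
    # Constructed packets: genuine loopback traffic, the case from the thread
    # (destination 127.0.0.1 arriving on an Ethernet interface; 'fxp0' is a
    # made-up name), a spoofed 127.x source on Ethernet, and ordinary traffic.
    for pkt in (("127.0.0.1", "127.0.0.1", "lo0"),
                ("10.0.0.5", "127.0.0.1", "fxp0"),
                ("127.0.0.1", "10.0.0.1", "fxp0"),
                ("10.0.0.5", "10.0.0.1", "fxp0")):
        print(pkt, "->", verdict(*pkt))
```

The model treats `via` as "the interface this packet is traversing", which is enough to show why rule 100 must come before rule 200: without it, the local host's own 127.0.0.1 traffic would be denied by rule 200 as well. It also makes Archie's ordering of the two risks visible: the rule-200 case is a packet the host would answer, while the rule-300 case is one it would normally ignore.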