Date: Mon, 15 May 2000 20:16:43 -0400 (EDT)
From: "Mark W. Krentel" <krentel@dreamscape.com>
To: archie@whistle.com
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: rc.firewall rule 200
Message-ID: <200005160016.UAA02420@dreamscape.com>
> The point of these two rules is to disallow someone on another
> (locally networked) machine from doing this:
>
>     ifconfig lo0 down delete
>     route add 127.0.0.0 <your-machine-ip-address>
>     telnet 127.0.0.1

Ok, good point. But this attack can only be launched from one hop away,
right? A legitimate machine would not forward a packet destined for
127.0.0.1, so the attacker has to be one hop away.

But my original question still stands. Isn't it equally important to
block packets from 127.0.0.0/8 that are not over loopback? On the
gateway machine for a local network, you would certainly block spoofing
of the network's internal addresses. And indeed, the "simple" type in
rc.firewall does this. So, don't you also want to block spoofing of
127.0.0.1?

--Mark

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
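The following is an added illustration of the rule logic under discussion; it is not part of the thread and not FreeBSD's rc.firewall. It simulates ipfw's first-match evaluation over a small rule table: the loopback pass (rule 100), the "deny to 127.0.0.0/8" rule 200 the thread is about, the "deny from 127.0.0.0/8" rule Mark proposes (given number 300 here by assumption), and a "simple"-style anti-spoofing rule for the internal network (number 400, LAN 192.168.1.0/24 and interface names ep0/ed0 are all assumed for the demo; a default-accept tail rule 65535 is assumed too, since a real IPFIREWALL kernel may default to deny). It then feeds it the attack packet quoted in the thread and the spoofed-loopback-source packet Mark asks about, with and without the proposed rule.

```python
"""First-match, ipfw-style evaluation of rc.firewall's loopback rules.

Added example, not FreeBSD code. Interface names, host addresses and every
rule number other than 200 are assumptions made for this demonstration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN behind the gateway
OUTSIDE_IF = "ep0"                                    # assumed external interface
INSIDE_IF = "ed0"                                     # assumed internal interface


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                       # "pass" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    iface: Optional[str] = None       # like ipfw "via <iface>": either direction
    direction: Optional[str] = None   # "in"/"out" narrows it, like "in via <iface>"

    def matches(self, src_ip, dst_ip, iface, direction):
        if self.iface is not None and self.iface != iface:
            return False
        if self.direction is not None and self.direction != direction:
            return False
        return src_ip in self.src and dst_ip in self.dst


def build_ruleset(block_loopback_source=True):
    """Rule table in the order rc.firewall's loopback block is written."""
    rules = [
        Rule(100, "pass", ANY, ANY, iface="lo0"),   # real loopback traffic
        Rule(200, "deny", ANY, LOOPBACK),           # the rule 200 the thread discusses
    ]
    if block_loopback_source:
        # Mark's proposal: packets claiming a 127/8 source that got past rule 100
        # cannot have come over lo0, so they are spoofed (number 300 assumed).
        rules.append(Rule(300, "deny", LOOPBACK, ANY))
    # "simple"-style anti-spoofing: our own LAN prefix must never arrive on the
    # outside interface (number 400 assumed).
    rules.append(Rule(400, "deny", INSIDE_NET, ANY, iface=OUTSIDE_IF, direction="in"))
    rules.append(Rule(65535, "pass", ANY, ANY))     # assumed default-accept tail
    return rules


def evaluate(rules, src, dst, iface, direction):
    """Return (rule_number, action) of the first matching rule, as ipfw would."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, dst_ip, iface, direction):
            return rule.number, rule.action
    raise AssertionError("ruleset has no terminal rule")


# Constructed packets. The victim is 192.168.1.1; 192.168.1.20 is the one-hop neighbour.
PACKETS = {
    "real loopback":        ("127.0.0.1", "127.0.0.1", "lo0", "out"),
    "quoted attack":        ("192.168.1.20", "127.0.0.1", INSIDE_IF, "in"),  # route add 127.0.0.0 <victim>
    "spoofed 127 source":   ("127.0.0.1", "192.168.1.1", INSIDE_IF, "in"),   # Mark's question
    "spoofed LAN source":   ("192.168.1.20", "10.0.0.5", OUTSIDE_IF, "in"),
    "legit LAN forward":    ("192.168.1.20", "10.0.0.5", INSIDE_IF, "in"),
}


def demo(block_loopback_source=True):
    rules = build_ruleset(block_loopback_source)
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} -> rule {verdict[0]:5d} {verdict[1]}")
    print("without rule 300, spoofed 127 source ->",
          demo(block_loopback_source=False)["spoofed 127 source"])
```

Rule 200 alone stops the quoted attack (the packet's destination is 127.0.0.1, so it is dropped whichever interface it arrives on), but a packet forged with a 127.0.0.1 source and the victim's real address as destination only hits rule 200 if nothing before it answers, and in this table falls through to the accept tail unless the source-side rule is present. Whether that matters depends on what the rest of the ruleset does with a packet whose source claims to be loopback; the simulation just makes the gap visible.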