Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Reachable addresses on the net (was SYN floods)
From: mycroft () mit edu (Charles M. Hannum)
Date: Tue, 10 Sep 1996 21:13:20 -0400


Alan Cox <coxa () cableol net> writes:


Linux boxes at least responds to everything on the loopback interface. I'm
guessing this is some form of loopback optimization..

Actually its called "Reading the standards documents and following them".

Well, I just searched the STDs and RFCs looking for references to
this.  Omitting all the obsolete editions, I found only three
references that even specify behaviour regarding the 127/8 network.

1) RFC 1700, `Assigned Numbers', says:

      (g)   {127, <any>}

         Internal host loopback address.  Should never appear outside
         a host.

Note that this does not indicate that the host must accept packets for
all of these addresses; only that it should not send the packets onto
a network.

This wording is also contained much earlier in STD 4, which is an
official standard.

2) RFC 1812, `Requirements for IP Version 4 Routers', has more or less
the same statement as above, and later says:

      A router SHOULD NOT forward any packet which has an invalid IP
      destination address or a destination address on network 0.  A
      router SHOULD NOT forward, except over a loopback interface, any
      packet which has a destination address on network 127.  A router
      MAY have a switch which allows the network manager to disable
      these checks.  If such a switch is provided, it MUST default to
      performing the checks.

This is pretty much irrelevant to the current discussion, and it's not
a standard anyway.

3) RFC 1912, `Common DNS Operational and Configuration Errors', says:

   Certain zones should always be present in nameserver configurations:

           primary         localhost               localhost
           primary         0.0.127.in-addr.arpa    127.0
           primary         255.in-addr.arpa        255
           primary         0.in-addr.arpa          0

   [...]

   The "localhost" address is a "special" address which always refers to
   the local host.  It should contain the following line:

           localhost.      IN      A       127.0.0.1

   The "127.0" file should contain the line:

           1    PTR     localhost.

   [...]

      Translating 127.0.0.1 into "localhost.dom.ain" can cause some
      software to connect back to the loopback interface when it didn't
      want to because "localhost" is not equal to "localhost.dom.ain".

Although strictly speaking this is only a DNS RFC (and not a standard,
at that), you'll note that it's quite explicit about which address is
used.


Furthermore, from a historical perspective, your argument doesn't even
make sense.  The usage of 127/8 for loopback originated from BSD, and
BSD has never (at least by default) accepted packets for an address
within this network other than 127.0.0.1.


In summary, I believe your statement is simply wrong.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]