Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Loopback and multi-homed routing flaw in TCP/IP stack.
From: Ben Laurie <ben () ALGROUP CO UK>
Date: Tue, 6 Mar 2001 09:16:15 +0000
John Cronin wrote:

The Issue:

There is a flaw in the TCP/IP stack, such that packets intended for
loopback and/or local network interfaces, routed via any other
interface, will be delivered EVEN IF THE MACHINE IS CONFIGURED NOT TO
BE A GATEWAY (note that in the case of packets destined for the
loopback interface, we consider this to be a fault no matter how the
host is configured - see RFC 1122 comments below).


What about a virtual IP bound to the loopback interface, or a dummy
interface?  This is precisely what many load balancing and high
availability failover clusters do, as previously mentioned.


A virtual IP bound to the loopback interface is not in 127/8 and so
would not be filtered.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]