Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Breaking SSH Listening Ports
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 14 Sep 2000 15:53:43 -0400

On Thu, 14 Sep 2000, MARC A KURTZ wrote:

My question is, is a hacker able to "break" into the computer and send
data to that loopback address and get the response? Is the loopback
completely non-physical? In other words if a hacker injected
packets into the ethernet card somehow, would the card ignore them, or
pass them to the IP stack?? Will the hacker be able to get the
response if it gave one? We are also assuming there is no PcAnywhere
or similiar software installed to take control of the mouse, keyboard
and screen.

many systems can be fooled into accepting LAN packets from "localhost" on
their extenral interfaces. make sure that your filtering sofwtare is set
up properly to disallow lo0 traffic on anything but lo0.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]