Trusting localhost?

From: Craig Minton (CraigSecurityat_private)
Date: Wed Jul 23 2003 - 14:16:13 PDT

Next message: Gerard Vignes: "Re: Trusting localhost?"

Next in thread: Gerard Vignes: "Re: Trusting localhost?"
Reply: Gerard Vignes: "Re: Trusting localhost?"
Reply: Lapinski, Michael (Research): "RE: Trusting localhost?"
Reply: Felipe Franciosi: "Re: Trusting localhost?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you are creating an application that communicates using TCP, but only want to take requests from the localhost, are there reasons why you would not want to check that the incoming request is from localhost and then trust it?  This is in a Windows environment.  Would IP spoofing work if the application was checking for the IP address 127.0.0.1?  If so, how likely is it that IP spoofing would work today, in a corporate environment?

Thank you for any direction you can provide.

_____________________________________________________________
Fight the power!  BlazeMail.com

Next message: Gerard Vignes: "Re: Trusting localhost?"
Next in thread: Gerard Vignes: "Re: Trusting localhost?"
Reply: Gerard Vignes: "Re: Trusting localhost?"
Reply: Lapinski, Michael (Research): "RE: Trusting localhost?"
Reply: Felipe Franciosi: "Re: Trusting localhost?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 09:00:43 PDT