Re: Trusting localhost?

From: Gerard Vignes (gerardmarshallvignesat_private)
Date: Mon Jul 28 2003 - 11:16:05 PDT

Next message: Lapinski, Michael (Research): "RE: Trusting localhost?"

Previous message: Craig Minton: "Trusting localhost?"
Maybe in reply to: Craig Minton: "Trusting localhost?"
Next in thread: Lapinski, Michael (Research): "RE: Trusting localhost?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just remember that there are at least 3 ways to reference a local host:
    127.0.0.1
    localhost
    machinename
These methods have different security implications.

>From: Craig Minton <CraigSecurityat_private>
>Reply-To: CraigSecurityat_private
>To: secprogat_private
>Subject: Trusting localhost?
>Date: Wed, 23 Jul 2003 14:16:13 -0700 (PDT)
>
>If you are creating an application that communicates using TCP, but only 
>want to take requests from the localhost, are there reasons why you would 
>not want to check that the incoming request is from localhost and then 
>trust it?  This is in a Windows environment.  Would IP spoofing work if the 
>application was checking for the IP address 127.0.0.1?  If so, how likely 
>is it that IP spoofing would work today, in a corporate environment?
>
>Thank you for any direction you can provide.
>
>_____________________________________________________________
>Fight the power!  BlazeMail.com

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

Next message: Lapinski, Michael (Research): "RE: Trusting localhost?"
Previous message: Craig Minton: "Trusting localhost?"
Maybe in reply to: Craig Minton: "Trusting localhost?"
Next in thread: Lapinski, Michael (Research): "RE: Trusting localhost?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 11:18:04 PDT