Hi, I wouldnt use machinename as a reference to lochost as a lookup by machine name returns the routable IP address of the machine and involves talking to a DNS server. -mtl -------------------------------------------------- Michael Lapinski Computer Scientist GE Research "I think there is a world market for maybe five computers." - IBM Chairman Thomas Watson, 1943 ->-----Original Message----- ->From: Gerard Vignes [mailto:gerardmarshallvignesat_private] ->Sent: Monday, July 28, 2003 2:16 PM ->To: secprogat_private ->Subject: Re: Trusting localhost? -> -> ->Just remember that there are at least 3 ways to reference a ->local host: -> 127.0.0.1 -> localhost -> machinename ->These methods have different security implications. -> ->>From: Craig Minton <CraigSecurityat_private> ->>Reply-To: CraigSecurityat_private ->>To: secprogat_private ->>Subject: Trusting localhost? ->>Date: Wed, 23 Jul 2003 14:16:13 -0700 (PDT) ->> ->>If you are creating an application that communicates using ->TCP, but only ->>want to take requests from the localhost, are there reasons ->why you would ->>not want to check that the incoming request is from ->localhost and then ->>trust it? This is in a Windows environment. Would IP ->spoofing work if the ->>application was checking for the IP address 127.0.0.1? If ->so, how likely ->>is it that IP spoofing would work today, in a corporate environment? ->> ->>Thank you for any direction you can provide. ->> ->>_____________________________________________________________ ->>Fight the power! BlazeMail.com -> ->_________________________________________________________________ ->Tired of spam? Get advanced junk mail protection with MSN 8. ->http://join.msn.com/?page=features/junkmail ->
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 11:29:22 PDT