> If you are creating an application that communicates using TCP, but > only want to take requests from the localhost, are there reasons why > you would not want to check that the incoming request is from > localhost and then trust it? This is in a Windows environment. Hello there Craig. I guess it's all about "where" you are binding your socket. If you do it on your "loopback" interface (in Windows I guess it's just called the "127.0.0.1" interface), then the socket will be unavailable to any packet arriving trough your network card(s). If you bind your socket to 0.0.0.0 (that is, INADDR_ANY), the kernel will bind it to all interfaces available. See it: purgatory:/usr/include# find . -type f -print | xargs grep INADDR_ANY ./netinet/in.h:#define INADDR_ANY ((in_addr_t) 0x00000000) ./linux/in.h:#define INADDR_ANY ((unsigned long int) 0x00000000) purgatory:/usr/include# (INADDR_ANY is the same that 0.0.0.0, typecasted). For mor information on this, I recommend reading of Beej's Network programming guide and a great book named Unix Network Programming. > Would IP spoofing work if the application was checking for the IP > address 127.0.0.1? If so, how likely is it that IP spoofing would > work today, in a corporate environment? You can always set access lists on switchs and routers to avoid traffic of packets from and to "local" (127.0.0.0/8) addresses over the network. Altought binding the socket to your loopback interface should not expose your socket to network interfaces, I have seen several OSs with some ARP handling problems, over witch an attack can be crafted to access sockets binded on other interfaces. > Thank you for any direction you can provide. Best of luck, Felipe -- Felipe Franciosi <ozzybugtat_private>
This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 09:20:12 PDT