Re: Trusting localhost?

From: Sam Baskinger (samat_private)
Date: Tue Jul 29 2003 - 10:50:03 PDT


    If security is a high concern and you must use an inet domain socket and not 
    another form of more localized IPC, then you may want to use a program like 
    hping to be sure that packets received with a destination address of 
    127.0.0.1 do not get sent to the local host.  It would be awfully hard to 
    mount an attack like this, but the test is simple enough to try and be sure 
    of.  You can use a network analyzer for Windows like windump or ethereal to 
    check this out and be sure.
    
    Sam
    
    On Tuesday 29 July 2003 08:04, Felipe Franciosi wrote:
    > > If you are creating an application that communicates using TCP, but
    > > only want to take requests from the localhost, are there reasons why
    > > you would not want to check that the incoming request is from
    > > localhost and then trust it?  This is in a Windows environment.
    >
    > Hello there Craig.
    >
    > I guess it's all about "where" you are binding your socket. If you do
    > it on your "loopback" interface (in Windows I guess it's just called
    > the "127.0.0.1" interface), then the socket will be unavailable to
    > any packet arriving through your network card(s).
    >
    > If you bind your socket to 0.0.0.0 (that is, INADDR_ANY),  the kernel
    > will bind it to all interfaces available. See it:
    >
    > purgatory:/usr/include# find . -type f -print | xargs grep INADDR_ANY
    > ./netinet/in.h:#define  INADDR_ANY              ((in_addr_t) 0x00000000)
    > ./linux/in.h:#define    INADDR_ANY              ((unsigned long int) 0x00000000)
    > purgatory:/usr/include#
    >
    > (INADDR_ANY is the same as 0.0.0.0, typecast.)
    >
    > For more information on this, I recommend reading Beej's Network
    > Programming Guide and a great book named Unix Network Programming.
    >
    > > Would IP spoofing work if the application was checking for the IP
    > > address 127.0.0.1?  If so, how likely is it that IP spoofing would
    > > work today, in a corporate environment?
    >
    > You can always set access lists on switches and routers to avoid traffic
    > of packets from and to "local" (127.0.0.0/8) addresses over the network.
    >
    > Although binding the socket to your loopback interface should not expose
    > your socket to network interfaces, I have seen several OSs with some ARP
    > handling problems, over which an attack can be crafted to access sockets
    > bound on other interfaces.
    >
    > > Thank you for any direction you can provide.
    >
    > Best of luck,
    > Felipe
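As an added example (not code from this thread), a POSIX C listener that does what Felipe recommends, binding to INADDR_LOOPBACK rather than INADDR_ANY, and then also performs the peer-address check Craig asked about as a second line of defence. The function names `listen_loopback_only`, `peer_is_loopback` and `demo` are my own; it uses BSD sockets, so on Windows the same calls go through Winsock.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* TCP listener bound to 127.0.0.1 (INADDR_LOOPBACK) rather than INADDR_ANY,
 * so it is never reachable through a physical interface. *port_out is the
 * wanted port (0 = kernel chooses) and receives the bound port. -1 on error. */
int listen_loopback_only(unsigned short *port_out) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(*port_out);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return fd;
}
/* Defence in depth (the check Craig asked about): after accept(), confirm the
 * peer address really lies in 127.0.0.0/8. Binding to loopback stays primary. */
int peer_is_loopback(int conn_fd) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    if (getpeername(conn_fd, (struct sockaddr *)&peer, &len) < 0) return 0;
    return (ntohl(peer.sin_addr.s_addr) >> 24) == 127;
}
/* Self-test: connect over loopback, accept, and check the peer. Returns 1 on
 * success, 0 if the check fails, -1 if the listener could not be created. */
int demo(void) {
    unsigned short port = 0;
    int ok = 0, lfd = listen_loopback_only(&port);
    if (lfd < 0) return -1;
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port) };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (cfd >= 0 && connect(cfd, (struct sockaddr *)&dst, sizeof dst) == 0) {
        int afd = accept(lfd, NULL, NULL);
        if (afd >= 0) { ok = peer_is_loopback(afd); close(afd); }
    }
    if (cfd >= 0) close(cfd);
    close(lfd);
    return ok;
}
```

The peer check is IPv4-only by design; a listener that also accepts IPv6 would need to test for ::1 and IPv4-mapped 127/8 addresses as well.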

    This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 10:56:50 PDT