I've just whitelisted 127.0.0.1 in declude hijack for now; don't like this temp work around but at least it's at my disposal..
any host policy should whitelist 127/8 anyway, so that's not a "workaround". you just don't have the answer to why you have to start doing it now.
the above host policy must be complemented by your edge firewall's network policy, in pseudo-code:
block in any from < net 127/8, net 192.168/16, net 10/8, net 172.16/12 > to <my nets> tcp/udp
this forces RFC 1918 networks to be "unroute-able" in bound at your network edge.
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
