127.0.0.0/8 has special attributes in the IP network.  It is not 
assigned to anyone so it cannot be routed in the Internet except by 
default routes nor can it get out of a router since no network 
interfaces are configured with this address.

On the local LAN, potentially 127.0.0.1 could be directed to a specific 
machine, but you have bigger problems than an attack on your machine if 
it is coming from your internal network.  Systems should always assume 
that 127.x.x.x is destined for itself so it should be very difficult to 
get a 127.x.x.x packet onto even the local network.

For internal machine communication between socket-based applications 
127.0.0.1 does not pose a serious threat.  The real issue is activation 
of the TCP or UDP port on which you intend to communicate.  Any system 
that can get to your machine can access the port.  The "server" end of 
the connection should verify that the "client" end is 127.0.0.1 and 
reject any other connections from other IP addresses.

Harold Grovesteen

Deryk Robosson wrote:

> Michal Kracik wrote:
> 
>> Hi Frank,
>> 
>> I think that network security is not a problem here. If I remember
>> correctly, with C socket library it's possible to listen only on
>> a specific interface. So if I listen only on local loopback interface
>> 127.0.0.1 and some port, no one from the network can attack my program.
>> But perhaps there is another problem that I overlooked?
> 
> 
> Sure, 127.* can be rerouted and an attack can take place that way. :)
> 
> Deryk
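
The two measures discussed in this thread, listening only on the loopback interface and having the server end reject any client that is not 127.x.x.x, shown together as an added C example that is not part of the original messages. It assumes POSIX sockets and IPv4; the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: true when the peer address lies in 127.0.0.0/8. */
int is_loopback_peer(const struct sockaddr_in *peer)
{
    return peer->sin_family == AF_INET &&
           (ntohl(peer->sin_addr.s_addr) >> 24) == 127;
}

/* Hypothetical helper: TCP listener bound to 127.0.0.1 only, never
 * INADDR_ANY, so the port is not opened on any external interface.
 * port 0 lets the kernel pick a free port. Returns the fd, or -1. */
int listen_loopback(uint16_t port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical helper: accept one connection and close it at once unless
 * the client end is a loopback address. Returns the client fd, or -1. */
int accept_local_only(int lfd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int cfd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (cfd < 0)
        return -1;
    if (len < sizeof peer || !is_loopback_peer(&peer)) {
        close(cfd);
        return -1;
    }
    return cfd;
}
```

The peer check is a second layer: with the socket bound to 127.0.0.1 the kernel already refuses connections arriving on other interfaces, and the check still holds if the bind address is later changed to a wildcard.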
