Thanks for the information. I can check that the client's address is
127.0.0.1. But as Frank pointed out, the bigger problem is that another
user on the same machine can ask the server to execute any command for
him. I don't know how to solve that, apart from programming a telnet
daemon with user authentication as suggested by Ryan Cole.
--
Michal Kracik
Harold Grovesteen wrote:
>
> 127.0.0.0/8 has special attributes in the IP network. It is not
> assigned to anyone so it cannot be routed in the Internet except by
> default routes nor can it get out of a router since no network
> interfaces are configured with this address.
>
> On the local LAN, potentially 127.0.0.1 could be directed to a specific
> machine, but you have bigger problems than an attack on your machine if
> it is coming from your internal network. Systems should always assume
> that 127.x.x.x is destined for itself so it should be very difficult to
> get a 127.x.x.x packet onto even the local network.
>
> For internal machine communication between socket based applications
> 127.0.0.1 does not pose a serious threat. The real issue is activation
> of the TCP or UDP port on which you intend to communicate. Any system
> that can get to your machine can access the port. The "server" end of
> the connection should verify that the "client" end is 127.0.0.1 and
> reject any other connections from other IP addresses.
>
> Harold Grovesteen
>
> Deryk Robosson wrote:
>
> > Michal Kracik wrote:
> >
> >> Hi Frank,
> >>
> >> I think that network security is not a problem here. If I remember
> >> correctly, with the C socket library it's possible to listen only on
> >> a specific interface. So if I listen only on the local loopback interface
> >> 127.0.0.1 and some port, no one from the network can attack my program.
> >> But perhaps there is another problem that I overlooked?
> >
> >
> > Sure, 127.* can be rerouted and an attack can take place that way. :)
> >
> > Deryk
> >
>
> --
> To unsubscribe from this list, please send an email to
> [EMAIL PROTECTED] with "unsubscribe" in the
> subject, without the quotes.
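
The two measures discussed in this thread, listening only on the loopback interface and having the server verify that the client end is 127.0.0.1, look like this with the C socket library. This is an added example, not code from any poster in the thread; the function names are hypothetical, and as the top message notes, the check does not distinguish between users on the same machine.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return a TCP socket listening on 127.0.0.1 only (port 0 = kernel picks one),
 * or -1 on error. Binding to INADDR_LOOPBACK rather than INADDR_ANY means the
 * port is never opened on the machine's network-facing interfaces. */
int listen_loopback(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if the peer address lies in 127.0.0.0/8, else 0. */
int peer_is_loopback(const struct sockaddr_in *peer)
{
    return peer->sin_family == AF_INET &&
           (ntohl(peer->sin_addr.s_addr) >> 24) == 127;
}

/* Accept one connection and drop it unless the client is on loopback.
 * Returns the connected fd, or -1 if rejected or on error.
 * This says nothing about WHICH local user connected. */
int accept_local_only(int lfd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int cfd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (cfd < 0)
        return -1;
    if (len < sizeof peer || !peer_is_loopback(&peer)) {
        close(cfd);
        return -1;
    }
    return cfd;
}
```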