In-Reply-To: <[EMAIL PROTECTED]> That should be pretty secure, because it is TCP and network traffic goes only to localhost (127.0.0.1). If someone even send you spoofed SYN TCP/IP packet, answer will be sent to local computer, and attacker gets nothing. Another story would be if UDP protocol is used, but this way is IMHO secure.
Regards, DownBload / Illegal Instruction Labs >If you are creating an application that communicates using TCP, but only > want to take requests from the localhost, are there reasons why you >would not want to check that the incoming request is from localhost and >then trust it? This is in a Windows environment. Would IP spoofing >work if the application was checking for the IP address 127.0.0.1? If >so, how likely is it that IP spoofing would work today, in a corporate >environment? > >Thank you for any direction you can provide. > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
