[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Odd packet?
- To: Valentino Squilloni - Ouz <ouz@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] Odd packet?
- From: Steffen Schumacher <ssch@xxxxxxxx>
- Date: Wed, 26 May 2004 12:29:39 +0200
On 26.05.2004 11:05:43 +0000, Valentino Squilloni - Ouz wrote:
> On Wed, 26 May 2004, Steffen Schumacher wrote:
>
> []
> > However, as you said, no ISP, which has to follow rules and regulations
> > in the western world allows spoofing of or even routing of the 127/8 net.
>
> Yes, but 127/8 as the source or the destination ?
>
Well no matter which, a packet with that src or dst should *never' originate
from the ISP.
I haven't heard of anyone routing 127/8 or allowing spoofing of 127/8 addresses.
I can only speak for my own company (a middlesized european ISP), and none of
our > 1k backbone
routers route 127/8 or allow incoming packets with src 127/8 unless its in L2/3
VPN.
the 127/8 is reserved for loopback interfaces and should NOT be routed or
allowed. Any breach of this
should result in complaints to the ISP in question!.
> Even the OP didn't mentioned this. I'm proned to believe those packets
> have 127.0.0.1 as the source of the packets.
>
I'm proned to think that if indeed these packets was seen on the wire, it was
his own pc that
generated them.
PS. To Maarten: Sorry for mixing your name in this one Maarten - I apologize!
> --
> >avendo accesso come root ad un server remoto, come potrei fare a rendere
> >il sistema non utilizzabile ma in modo sottile ?
> Se NT puo' installarsi via FTP, e' la tua risposta.
> -- Leonardo Serni
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html