Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: 2nd loopback interface for security testing on isolated systems?
On Sunday 27 January 2002 20:42, Johannes Geiger wrote:

> On Fri, Jan 25, 2002 at 02:46:49PM -0600, Paul Elliott wrote:

> > loopback interface because I have decided the localhost is safe.

I don't have any bright ideas for testing your firewall from the same
machine, although VMware uses dummy IP addresses for communication with
hosts; perhaps UML does too? The idea would be to run another copy of the
kernel, as a virtual machine, which communicates with the host over a
private network.

But can't you filter out packets based on interface? -i ppp+ is any PPP
interface, for example. Then you can have high confidence by connecting to
services which will cause packets that you block, for instance ident lookups
when you connect to IRC, and when querying an NTP or DNS server you will
receive UDP response packets that can be logged and blocked.

> Do not rely on localhost being safe. There has been a long discussion on
> this topic on bugtraq (around Mar 5, 2001, in case you want to look it
> up). The bottom line was that there are Operating Systems (including --
> if I remember correctly -- Linux) which allow external access to the
> localhost interface. (This is restricted to machines on the same subnet
> of course, because 127.0.0.1 is not routed.)

Shouldn't the kernel rp_filter reject '127.0.0.1' spoofed packets coming in
on other interfaces?

fetchmail will actually fall back to using /usr/lib/sendmail, so you don't
need to run the local SMTP server at all, for incoming email.

Rob
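Rob's two points above, filtering by interface with -i ppp+ and relying on rp_filter to catch 127.0.0.1 arriving on the wrong device, as an added example that is not part of the original post. The script below is illustrative, not a ruleset from anyone on the thread: it emits the sysctl and iptables commands as text so they can be reviewed (and run with "apply" as root), and adds a removable set of probe rules that log and drop the ident, DNS and NTP traffic Rob suggests using to prove the firewall fires. The device names (ppp+, lo), log prefixes and the choice of ports are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: loopback anti-spoofing and
# interface-based filtering with iptables, plus kernel rp_filter.
# Assumes a Linux box with iptables and /proc/sys/net/ipv4; "ppp+" and the
# log prefixes are illustrative choices.

# Kernel-side check: reverse-path filtering discards a packet whose source
# address would not be routed back out the interface it came in on, which
# covers a 127.0.0.1 source showing up on anything but lo.
rp_filter_settings() {
    echo "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
    echo "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
}

# Netfilter-side rules, emitted as text so they can be read before running.
firewall_rules() {
    echo "iptables -P INPUT DROP"
    # Everything on the real loopback device is accepted.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # 127.0.0.0/8 as source or destination on any other device is spoofed:
    # log it (so a test leaves a trace in the kernel log), then drop it.
    echo "iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j LOG --log-prefix 'spoof-lo: '"
    echo "iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP"
    echo "iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP"
    # -i ppp+ matches every PPP interface (ppp0, ppp1, ...). Replies to
    # connections this host opened are allowed; unsolicited ident lookups,
    # the kind an IRC server makes on connect, are logged and refused.
    echo "iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i ppp+ -p tcp --dport 113 -j LOG --log-prefix 'ident: '"
    echo "iptables -A INPUT -i ppp+ -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
}

# Temporary probe rules for verifying the firewall from the same machine:
# inserted at the head of INPUT so they fire before the ESTABLISHED rule.
# Run a DNS or NTP query over the PPP link; the query will time out and the
# blocked UDP reply (source port 53 or 123) will appear in the kernel log.
probe_rules() {
    echo "iptables -I INPUT 1 -i ppp+ -p udp -m multiport --sports 53,123 -j DROP"
    echo "iptables -I INPUT 1 -i ppp+ -p udp -m multiport --sports 53,123 -j LOG --log-prefix 'fw-test udp: '"
}

# Undo the probe rules once the log entries have been seen.
probe_rules_remove() {
    probe_rules | sed 's/ -I INPUT 1 / -D INPUT /'
}

# Without arguments this only prints the commands (dry run).
# "apply" and "probe" execute them and need root.
case "${1:-}" in
    apply) { rp_filter_settings; firewall_rules; } | sh -e ;;
    probe) probe_rules | sh -e ;;
    unprobe) probe_rules_remove | sh -e ;;
    *) rp_filter_settings; firewall_rules; probe_rules ;;
esac
```

Usage: run the script with no arguments and read the output, then "apply" as root; "probe" before running a DNS or NTP lookup over the PPP link, "unprobe" afterwards. Note that with the ESTABLISHED rule in place, legitimate DNS and NTP replies are accepted in normal operation; only the probe rules, which sit ahead of it, log and drop them, which is why they are kept separate and removable.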
