Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: 2nd loopback interface for security testing on isolated systems?
  • From: Johannes Geiger <geiger@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 27 Jan 2002 21:42:03 +0100
  • Message-id: <20020127214203.A9580@xxxxxxxxxxxxxxxxx>
Hello Paul Elliott,

I cannot help you with your question but I want to make one remark:

On Fri, Jan 25, 2002 at 02:46:49PM -0600, Paul Elliott wrote:
> loopback interface because I have decided the localhost is safe.

Do not rely on localhost being safe. There has been a long discussion on
this topic on bugtraq (around Mar 5, 2001, in case you want to look it
up). The bottom line was that there are Operating Systems (including --
if I remember correctly -- Linux) which allow external access to the
localhost interface. (This is restricted to machines on the same subnet
of course, because 127.0.0.1 is not routed.)

> world. Sendmail for one: If you turn sendmail entirely off then
> fetchmail does not work because it delivers mail by dumping it
> into port 25.

Use the mda option of fetchmail so at least there is no need to have
sendmail listening on port 25.

HTH

Johannes


< Previous Next >
Follow Ups
References