Mailinglist Archive: opensuse-security (757 mails)

2nd loopback interface for security testing on isolated systems?
  • From: Paul Elliott <pelliott@xxxxxx>
  • Date: Fri, 25 Jan 2002 14:46:49 -0600
  • Message-id: <20020125144649.A10355@xxxxxx>


I have a single computer which I connect to the internet via dialup.
I use SuSEfirewall2.

I would like to test my security with nmap, satan, cops etc.

The problem is it is not realistic to do the test using the
loopback interface because I have decided the localhost is safe.

There are a number of programs that I have told to bind their
open ports to the loopback interface. This means the programs
allow connections from the localhost but not from the outside
world. Sendmail for one: If you turn sendmail entirely off then
fetchmail does not work because it delivers mail by dumping it
into port 25. But I do not need sendmail to listen to the outside
world because I receive mail via fetchmail, and I do not want
to worry about sendmail exploits. Same with apache: SuSE's info
servers work by running apache. I want to review documentation
but see no reason to serve the outside world or worry about
new apache exploits. So I have told apache to listen by binding
to the loopback interface. Also I have told SuSE firewall not to
protect from the internal network, and made the loopback interface
my connection to the internal network. (I told it to trust itself.)

Because of all this the results of an attack thru the loopback interface
would not be realistic.


I have an idea!

Create a 2nd loopback interface, and treat it as an untrusted interface
similarly to ppp0! Then I could tell nmap, satan, etc. to run their
simulated attacks thru this new interface!


Questions:

Is this a good idea? (I only have 1 computer, and cannot run a test
from the outside.)

How would I implement it?
What would be the proper ifconfig, route commands to set up
such a test interface?

Would there be a large penalty for setting up such an interface
and letting it run all the time, so I could do testing any time
after installing any new software perhaps?

--
Paul Elliott 1(512)837-1096
pelliott@xxxxxx PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
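As an added example (not from the poster or from the SuSE project), here is one way to do what the question asks on a modern Linux box, using iproute2 instead of the ifconfig/route commands of the time. The privileged part creates a "dummy" interface that the firewall can treat as untrusted, and the unprivileged part audits the local listening sockets so you can see, before any scan, which services are bound to 127.0.0.1 only and which would be reachable through the new interface. The interface name test0, the address 10.99.0.1/24 and the netstat sample lines are all constructed for this example; the SuSEfirewall2 variable FW_DEV_EXT is mentioned from memory and should be checked against your installed /etc/sysconfig/SuSEfirewall2.

```shell
#!/bin/sh
# Added example, not part of the original mail. Assumes Linux with iproute2
# and the "dummy" kernel module. Names/addresses below are placeholders.

# Privileged part: add a second interface with its own address. Kept in a
# function so the rest of this script runs without root. Once the interface
# exists, list it as an external device in the firewall (for SuSEfirewall2 this
# is the FW_DEV_EXT variable, next to ppp0) so scans against 10.99.0.1 hit the
# same rules as traffic from the dial-up link.
setup_test_iface() {
    iface=${1:-test0}
    addr=${2:-10.99.0.1/24}
    modprobe dummy
    ip link add "$iface" type dummy
    ip addr add "$addr" dev "$iface"
    ip link set "$iface" up
}

# Classify one local-address field as printed by "netstat -tln":
# 127.0.0.1:25 and [::1]:631 are loopback-only; 0.0.0.0:22, *:22 and :::22
# listen on every interface; anything else is bound to one specific address.
classify_bind() {
    case "$1" in
        127.*:*|\[::1\]:*|::1:*)        echo "loopback-only" ;;
        0.0.0.0:*|\*:*|:::*|\[::\]:*)   echo "all-interfaces" ;;
        *)                              echo "specific" ;;
    esac
}

# Read "netstat -tln" style lines on stdin and print "port class" for each
# LISTEN socket. Column layout: proto recv-q send-q local foreign state.
audit_listeners() {
    while read -r proto rq sq laddr faddr state; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}
        echo "$port $(classify_bind "$laddr")"
    done
}

# Count the listeners that the new untrusted interface would expose, i.e.
# those not restricted to loopback or to some other specific address.
count_exposed() {
    audit_listeners | grep -c ' all-interfaces$' || true
}

# Constructed sample of netstat output matching the setup in the mail:
# sendmail and apache bound to loopback, sshd on all interfaces, one extra
# daemon bound to the test address itself.
SAMPLE='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 10.99.0.1:8080 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE" | audit_listeners
echo "exposed on the test interface: $(printf '%s\n' "$SAMPLE" | count_exposed)"

# Run the privileged setup only when explicitly asked: ./script.sh setup
if [ "${1:-}" = "setup" ]; then
    setup_test_iface test0 10.99.0.1/24
fi
```

On a live system replace the SAMPLE with `netstat -tln | audit_listeners` (or adapt the column order for `ss -tln`). A dummy interface costs nothing measurable to leave up permanently; the only ongoing cost is that every new daemon you install needs the same bind-address review, which is exactly what the audit function is for.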