Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] host.deny and spoofing
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 4 Feb 2002 13:17:42 +0100
  • Message-id: <200202041217.g14CHhM07742@xxxxxxxxxxxxxxxxxxxxx>
On Monday 04 February 2002 13.07, Evert Smit wrote:
> Hi all,
>
> here a question
>
> if i do a hosts.deny all and a host.allow imapd localhost could someone
> spoofing his ip to 127.0.0.1 still access the imap server?

No. first of all the packet would probably be stopped along the way as an
illegal source address, second if it did get through to your machine your
kernel would flag is as a martian, and thirdly if your kernel has martian
detection turned off, your machine would respond to localhost. The TCP
connection could never be made

//Anders

< Previous Next >