My loop back is supposed to be 127.0.0.1.. at least that is what my ifconfig shows me.. and i have no idea what program is running on that port. Do you think that i could have a possible intrusin?
Thanks Craig On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote: > No, you can't bypass the firewall using the loopback interface. Whats > interesting though is the IP address they're using... usually loopback is > 127.0.0.1 and the port number, 5460 isn't assigned to anyone so what program > is running? > > -----Original Message----- > From: Craig Van Tassle [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 8:48 AM > To: secuirty-basics > Subject: loopback device > > > Is it possible for someone over a network to use my loopback to by pass my > firewall? If so what can i do to mitigate the problem and how damageing can > it be? > > The reason im asking is my Snort sytem is showing badd loopback traffic.. > thanks > > here is a snipit from my snort logs. > > [**] [1:528:2] BAD TRAFFIC loopback traffic [**] > [Classification: Potentially Bad Traffic] [Priority: 2] > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460 > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40 > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20 > > Thanks > Craig > >
msg02959/pgp00000.pgp
Description: PGP signature
