Ok The port was a typeo. but do you think that my computer could be compromised or this could just be a mis-configuration on my computer or a atempt at a hack?How is it that my computer is catcheing this loopback traffic? could someone be bouncing off my computer or what?
Thanks Craig On Thu, Jan 17, 2002 at 02:11:15PM -0500, leon wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What do you mean by what program is running on this port? I am not > sure if you consider the loop back address a port as much as what it > is (ie; a loopback address). I don't know if you can bind running > process to the loopback addy. Even if you possibly could, an > attacker never would because you would be unable to route traffic to > it. > > HTH, > > Leon > > - -----Original Message----- > From: Craig Van Tassle [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 15, 2002 2:35 PM > To: secuirty-basics > Subject: Re: loopback device > > My loop back is supposed to be 127.0.0.1.. at least that is what my > ifconfig shows me.. and i have no idea what program is running on > that port. > Do you think that i could have a possible intrusin? > > Thanks > Craig > > On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote: > > No, you can't bypass the firewall using the loopback interface. > > Whats interesting though is the IP address they're using... usually > > loopback is 127.0.0.1 and the port number, 5460 isn't assigned to > > anyone so what program is running? > > > > -----Original Message----- > > From: Craig Van Tassle [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 14, 2002 8:48 AM > > To: secuirty-basics > > Subject: loopback device > > > > > > Is it possible for someone over a network to use my loopback to by > > pass my firewall? If so what can i do to mitigate the problem and > > how damageing can it be? > > > > The reason im asking is my Snort sytem is showing badd loopback > > traffic.. thanks > > > > here is a snipit from my snort logs. > > > > [**] [1:528:2] BAD TRAFFIC loopback traffic [**] > > [Classification: Potentially Bad Traffic] [Priority: 2] > > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460 > > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40 > > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20 > > > > Thanks > > Craig > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPEchztqAgf0xoaEuEQJ4TACfeH/voSSUxDHrssH2yxJzHMZwmBcAnAlF > 0A9v/M5EMTD2QQeYsszeN2Dq > =tCcQ > -----END PGP SIGNATURE----- >
msg03046/pgp00000.pgp
Description: PGP signature