-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What do you mean by what program is running on this port? I am not sure if you consider the loop back address a port as much as what it is (ie; a loopback address). I don't know if you can bind running process to the loopback addy. Even if you possibly could, an attacker never would because you would be unable to route traffic to it.
HTH, Leon - -----Original Message----- From: Craig Van Tassle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 15, 2002 2:35 PM To: secuirty-basics Subject: Re: loopback device My loop back is supposed to be 127.0.0.1.. at least that is what my ifconfig shows me.. and i have no idea what program is running on that port. Do you think that i could have a possible intrusin? Thanks Craig On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote: > No, you can't bypass the firewall using the loopback interface. > Whats interesting though is the IP address they're using... usually > loopback is 127.0.0.1 and the port number, 5460 isn't assigned to > anyone so what program is running? > > -----Original Message----- > From: Craig Van Tassle [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 8:48 AM > To: secuirty-basics > Subject: loopback device > > > Is it possible for someone over a network to use my loopback to by > pass my firewall? If so what can i do to mitigate the problem and > how damageing can it be? > > The reason im asking is my Snort sytem is showing badd loopback > traffic.. thanks > > here is a snipit from my snort logs. > > [**] [1:528:2] BAD TRAFFIC loopback traffic [**] > [Classification: Potentially Bad Traffic] [Priority: 2] > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460 > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40 > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20 > > Thanks > Craig > > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPEchztqAgf0xoaEuEQJ4TACfeH/voSSUxDHrssH2yxJzHMZwmBcAnAlF 0A9v/M5EMTD2QQeYsszeN2Dq =tCcQ -----END PGP SIGNATURE-----
