-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That is not true. P stands for proto not port.
- -p proto Shows connections for the protocol specified by proto;
proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with
the -s
option to display per-protocol statistics, proto may be
any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
It has nothing to do with ports. Please DO NOT GIVE ADVICE ON THE
LIST IF YOU ARE NOT SURE OF WHAT YOU ARE SAYING.
Cheers,
Leon
- -----Original Message-----
From: shawn merdinger [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 8:45 PM
Cc: Craig Van Tassle; secuirty-basics
Subject: Re: loopback device
Also, try the following:
netstat -anp
The p option displays the program bound to that socket/port.
>From the looks of your snort log, it did not *appear* to be a
>loopback
address.
- -scm
> On 15-Jan-2002 Craig Van Tassle wrote:
> > My loop back is supposed to be 127.0.0.1.. at least that is what
> > my ifconfig shows me.. and i have no idea what program is
> > running on that port. Do you think that i could have a possible
> > intrusin?
> >
> > Thanks
> > Craig
> >
> > On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
> >> No, you can't bypass the firewall using the loopback interface.
> >> Whats interesting though is the IP address they're using...
> >> usually loopback is 127.0.0.1 and the port number, 5460 isn't
> >> assigned to anyone so what program is running?
> >>
> >> -----Original Message-----
> >> From: Craig Van Tassle [mailto:[EMAIL PROTECTED]]
> >> Sent: Monday, January 14, 2002 8:48 AM
> >> To: secuirty-basics
> >> Subject: loopback device
> >>
> >>
> >> Is it possible for someone over a network to use my loopback to
> >> by pass my firewall? If so what can i do to mitigate the
> >> problem and how damageing can it be?
> >>
> >> The reason im asking is my Snort sytem is showing badd loopback
> >> traffic.. thanks
> >>
> >> here is a snipit from my snort logs.
> >>
> >> [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
> >> [Classification: Potentially Bad Traffic] [Priority: 2]
> >> 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
> >> TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
> >> ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
> >>
> >> Thanks
> >> Craig
> >>
> >>
>
> - --
> Phillip O'Donnell
> Software Engineer, Esphion Limited
> [EMAIL PROTECTED]
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1i
>
> iQA/AwUBPEXd7nbXtTBvmfCfEQKNyQCfd08qxIx1+JqoOl47TH/pm74eSRcAoO7g
> Ky+CD/KuL2KCESveLJw30Gb1
> =VjXg
> -----END PGP SIGNATURE-----
>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPExZDdqAgf0xoaEuEQK/AwCgrV/Qlvx1IWJAZTd3Nj8GZv1naOgAnREV
KVGYnYIsKnsMNF+zyt4M76cB
=jg5K
-----END PGP SIGNATURE-----
