As it was written on Jul 25, thus Craig Minton spake unto the masses: Craig: Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT) Craig: From: Craig Minton <[EMAIL PROTECTED]> Craig: To: [EMAIL PROTECTED] Craig: Subject: Trusting localhost? Craig: Craig: If you are creating an application that communicates using TCP, but only Craig: want to take requests from the localhost, are there reasons why you Craig: would not want to check that the incoming request is from localhost and Craig: then trust it? This is in a Windows environment. Would IP spoofing Craig: work if the application was checking for the IP address 127.0.0.1? If Craig: so, how likely is it that IP spoofing would work today, in a corporate Craig: environment? Craig: Craig: Thank you for any direction you can provide.
127.xxx.yyy.zzz will only go back to itself, never leaving the network (let alone touch it). To spoof it would be pointless. Thanks Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- ----------------------------------------------------------------------------
