In-Reply-To: <[EMAIL PROTECTED]> Well IP spoofing is still very very effective. But the chances of someone from the internet spoofing a 127.0.0.1 source address in a packet and that packet actually making it to you is HIGHLY unlikely. Any correctly configured router should drop this packet because of its source address. Someone from inside the LAN might be able to exploit it somehow/someway but the chances are extremely low. There should be no real reason to goto great lengths to ensure the validity of the packets as the chances of someone spoofing with this source address and actually exploiting your application are like i said really low. --chris
http://elusive.filetap.com >Received: (qmail 20693 invoked from network); 25 Jul 2003 15:27:22 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 25 Jul 2003 15:27:22 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id 6559A8F3F5; Fri, 25 Jul 2003 09:28:56 -0600 (MDT) >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 8748 invoked from network); 25 Jul 2003 14:48:04 -0000 >Content-Type: text/plain >Content-Disposition: inline >Content-Transfer-Encoding: 7bit >Mime-Version: 1.0 >X-Mailer: MIME-tools 5.41 (Entity 5.404) >Date: Fri, 25 Jul 2003 07:44:43 -0700 (PDT) >From: Craig Minton <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Trusting localhost? >Reply-To: [EMAIL PROTECTED] >X-Originating-Ip: [204.167.177.68] >Message-Id: <[EMAIL PROTECTED]> > >If you are creating an application that communicates using TCP, but only > want to take requests from the localhost, are there reasons why you >would not want to check that the incoming request is from localhost and >then trust it? This is in a Windows environment. Would IP spoofing >work if the application was checking for the IP address 127.0.0.1? If >so, how likely is it that IP spoofing would work today, in a corporate >environment? > >Thank you for any direction you can provide. > > > >_____________________________________________________________ >Fight the power! BlazeMail.com > >-------------------------------------------------------------------------- - >-------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
