
[ih] Origin of the loopback interface

John Levine <johnl at iecc.com> wrote:
> Even on machines that do have physical interfaces, putting a service
> on a loopback address lets me be sure it's only available to other
> processes on the same machine without having to screw around with
> packet filters.

That's not entirely true. The "weak endpoint model" followed by most
systems means that they will accept packets to any of their addresses on
any of their interfaces. This opens you up to attacks from malicious
devices on your LAN(s).

Actually, the weak endpoint model is probably less pervasive than it used
to be because some systems have implemented reverse path filtering.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Biscay, Fitzroy: Southwesterly backing southerly 4 or 5, occasionally 6 in
north. Moderate or rough, occasionally very rough in Fitzroy. Occasional rain
and fog patches in north. Moderate or good, occasionally very poor in north.
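
Added example, not part of the original message: a check of the reverse path filtering setting mentioned above, assuming Linux (the message names no operating system), where it is controlled by the `rp_filter` sysctls and the kernel uses the larger of the `all` and per-interface values. The `sysctl -a` text is constructed sample input and the function names are illustrative.

```python
import re

# Constructed sample in the format printed by `sysctl -a` on Linux (not from a real host).
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.wg0.rp_filter = 2
net.ipv4.ip_forward = 0
"""

MODES = {0: "off", 1: "strict", 2: "loose"}
# sysctl prints a dot inside an interface name as '/', so [^.\s]+ also matches VLAN names.
LINE = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*(\d+)$")


def parse_rp_filter(text):
    """Return {name: configured rp_filter value} for every conf.<name> entry."""
    values = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def effective_modes(text):
    """Effective mode per interface: max(conf.all, conf.<iface>)."""
    values = parse_rp_filter(text)
    all_value = values.get("all", 0)
    return {
        iface: MODES.get(max(all_value, value), "unknown")
        for iface, value in values.items()
        if iface not in ("all", "default")  # templates, not real interfaces
    }


def unfiltered_interfaces(text, ignore=("lo",)):
    """Interfaces where source validation is effectively disabled."""
    modes = effective_modes(text)
    return sorted(i for i, m in modes.items() if m == "off" and i not in ignore)


if __name__ == "__main__":
    for iface, mode in sorted(effective_modes(SAMPLE_SYSCTL).items()):
        print(f"{iface:6} rp_filter effective mode: {mode}")
    print("no reverse path filtering on:", unfiltered_interfaces(SAMPLE_SYSCTL))
```

On a live host the same functions can be fed the output of `sysctl -a` instead of the sample string.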