
[ih] Origin of the loopback interface

Loopback should not be a substitute for IPC. At least one additional reason is that packets sent there might not end up where you think (they could be tunneled elsewhere, e.g.).


> On Oct 23, 2017, at 4:56 AM, Tony Finch <dot at dotat.at> wrote:
> John Levine <johnl at iecc.com> wrote:
>> Even on machines that do have physical interfaces, putting a service
>> on a loopback address lets me be sure it's only available to other
>> processes on the same machine without having to screw around with
>> packet filters.
> That's not entirely true. The "weak endpoint model" followed by most
> systems means that they will accept packets to any of their addresses on
> any of their interfaces. This opens you up to attacks from malicious
> devices on your LAN(s).
> Actually, the weak endpoint model is probably less pervasive than it used
> to be because some systems have implemented reverse path filtering.
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Biscay, Fitzroy: Southwesterly backing southerly 4 or 5, occasionally 6 in
> north. Moderate or rough, occasionally very rough in Fitzroy. Occasional rain
> and fog patches in north. Moderate or good, occasionally very poor in north.
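
A simplified model of the receive decision discussed in this thread, added here as an example and not written by any of the posters. The interface names, the documentation-range addresses and the `accepts` helper are assumptions for illustration; the model covers only the weak and strong endpoint models and a strict reverse path check on connected routes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Iface:
    name: str
    addr: str      # address configured on this interface
    prefix: str    # directly connected network

@dataclass
class Packet:
    src: str
    dst: str
    in_iface: str  # interface the packet arrived on

# Constructed host (documentation address ranges): a service address on the
# loopback interface plus one LAN-facing interface. No default route.
HOST = [
    Iface("lo0", "192.0.2.1", "192.0.2.1/32"),
    Iface("eth0", "198.51.100.10", "198.51.100.0/24"),
]

def route_iface(host, ip):
    """Interface used to reach ip (longest matching connected prefix), or None."""
    ip = ipaddress.ip_address(ip)
    hits = [i for i in host if ip in ipaddress.ip_network(i.prefix)]
    if not hits:
        return None
    return max(hits, key=lambda i: ipaddress.ip_network(i.prefix).prefixlen).name

def accepts(host, pkt, model="weak", strict_rpf=False):
    """Return True if this simplified receive path delivers pkt locally."""
    owners = [i.name for i in host if i.addr == pkt.dst]
    if not owners:
        return False   # destination is not one of our addresses
    if model == "strong" and pkt.in_iface not in owners:
        return False   # strong model: destination must belong to arrival interface
    if strict_rpf and route_iface(host, pkt.src) != pkt.in_iface:
        return False   # strict RPF: route back to source must use arrival interface
    return True

lan_peer = Packet("198.51.100.66", "192.0.2.1", "eth0")  # constructed: device on the LAN
spoofed = Packet("192.0.2.1", "192.0.2.1", "eth0")       # constructed: claims a local source

if __name__ == "__main__":
    for label, pkt in (("lan_peer", lan_peer), ("spoofed", spoofed)):
        for model in ("weak", "strong"):
            for rpf in (False, True):
                print(label, model, "rpf" if rpf else "no-rpf", accepts(HOST, pkt, model, rpf))
```

In this model the reverse path check looks only at the source address, so it rejects the packet with the spoofed local source but not the one from a genuine on-link source; only the strong model's destination check rejects the latter.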