
[ih] Origin of the loopback interface

Toerless Eckert <tte at cs.fau.de> wrote:
> > John Levine <johnl at iecc.com> wrote:
> > >
> > > Even on machines that do have physical interfaces, putting a service
> > > on a loopback address lets me be sure it's only available to other
> > > processes on the same machine without having to screw around with
> > > packet filters.
> Any URL explaining why it would be an attack to accept packets
> for an address you have on another interface ? I can not see that attack
> vector.

I don't have a good link handy, so I'll try to explain it here...

In John's setup he assumes that a service bound to is only
reachable by other processes on the same host. Maybe because of that the
service is configured to skip authentication/authorization checks.

If I'm on the same LAN as John's host, I can get packets to his supposedly
isolated service by crafting ethernet frames with his host's MAC address
as the destination but as the IP destination.

You can use this trick for good as well as evil :-) Back in the days of
IP-based web virtual hosting we had a setup which bound about 96,000 IP
addresses on the loopback interface of the web servers. The routers in
front of these web servers had static routes configured for the loopback
web IP addresses with a next-hop of the web server's ethernet interface.

(More details about this hack at http://fanf.livejournal.com/124030.html)

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Irish Sea: Southwest 6 to gale 8, decreasing 4 or 5 later. Moderate or rough.
Rain, fog patches. Moderate, occasionally very poor.
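
Added example, not part of the original message: a receive-side check a host or sensor could apply to the situation described above, dropping loopback-range destinations that arrive on a physical interface and optionally enforcing the RFC 1122 strong end-system model for other addresses bound to `lo`. Interface names, addresses and frames are constructed sample values; the function names are hypothetical.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800

# Constructed sample host: one address on eth0, two bound to the loopback interface.
IF_ADDRS = {
    "lo": {ipaddress.IPv4Address("127.0.0.1"), ipaddress.IPv4Address("198.51.100.7")},
    "eth0": {ipaddress.IPv4Address("192.0.2.10")},
}

def sample_frame(dst_ip: str) -> bytes:
    """Constructed test input: Ethernet II + minimal IPv4 header (checksum left zero)."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = bytes.fromhex("450000140000000040060000")
    src = ipaddress.IPv4Address("192.0.2.99").packed
    return eth + ip + src + ipaddress.IPv4Address(dst_ip).packed

def parse_ipv4_dst(frame: bytes):
    """Return (dst_mac, dst_ip) for an Ethernet II frame carrying IPv4, else None."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4 or frame[14] >> 4 != 4:
        return None
    # Destination address occupies bytes 16..19 of the IPv4 header.
    return frame[0:6], ipaddress.IPv4Address(frame[14 + 16:14 + 20])

def ingress_verdict(frame, ingress_if, if_addrs=IF_ADDRS, strong_host=True):
    """Decide what to do with a frame based on where it arrived and its IP destination."""
    parsed = parse_ipv4_dst(frame)
    if parsed is None:
        return "ignore"
    _, dst = parsed
    # 127.0.0.0/8 must never appear on the wire, whatever MAC the frame was sent to.
    if dst.is_loopback and ingress_if != "lo":
        return "drop-martian"
    owners = [name for name, addrs in if_addrs.items() if dst in addrs]
    if not owners:
        return "not-local"
    # Weak host model: any local address is accepted on any interface.
    # Strong host model: the address must belong to the ingress interface.
    if ingress_if in owners or not strong_host:
        return "accept"
    return "drop-strong-host"

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.0.2.10", "198.51.100.7"):
        print(ip, ingress_verdict(sample_frame(ip), "eth0"),
              ingress_verdict(sample_frame(ip), "eth0", strong_host=False))
```

With `strong_host=False` the routed-to-loopback virtual hosting setup keeps working (198.51.100.7 is accepted on eth0), while the loopback-range drop still protects a service bound to 127.0.0.1.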