Re: [Full-Disclosure] Odd packet?

On 26.05.2004 11:05:43 +0000, Valentino Squilloni - Ouz wrote:
> On Wed, 26 May 2004, Steffen Schumacher wrote:
>
> []
> > However, as you said, no ISP, which has to follow rules and regulations
> > in the western world allows spoofing of or even routing of the 127/8 net.
>
> Yes, but 127/8 as the source or the destination ?

Well no matter which, a packet with that src or dst should *never' originate 
from the ISP.
I haven't heard of anyone routing 127/8 or allowing spoofing of 127/8 addresses.
I can only speak for my own company (a middlesized european ISP), and none of 
our > 1k backbone 
routers route 127/8 or allow incoming packets with src 127/8 unless its in L2/3 
VPN.
 
the 127/8 is reserved for loopback interfaces and should NOT be routed or 
allowed. Any breach of this 
should result in complaints to the ISP in question!.

> Even the OP didn't mentioned this.  I'm proned to believe those packets
> have 127.0.0.1 as the source of the packets.

I'm proned to think that if indeed these packets was seen on the wire, it was 
his own pc that
generated them.


PS. To Maarten: Sorry for mixing your name in this one Maarten - I apologize!
 
> -- 
> > avendo accesso come root ad un server remoto, come potrei fare a rendere
> > il sistema non utilizzabile ma in modo sottile ?
> Se NT puo' installarsi via FTP, e' la tua risposta.
>                 -- Leonardo Serni
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html