From owner-freebsd-ipfw Fri May 19 15:35:29 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from juice.shallow.net (node16229.a2000.nl [24.132.98.41])
	by hub.freebsd.org (Postfix) with ESMTP id 9E0AB37BFD8
	for ; Fri, 19 May 2000 15:35:24 -0700 (PDT)
	(envelope-from joshua@roughtrade.net)
Received: from localhost (joshua@localhost)
	by juice.shallow.net (8.9.3/8.9.3) with ESMTP id AAA48825;
	Sat, 20 May 2000 00:36:40 +0200 (CEST)
	(envelope-from joshua@roughtrade.net)
Date: Sat, 20 May 2000 00:36:40 +0200 (CEST)
From: Joshua Goodall
To: "Mark W. Krentel"
Cc: archie@whistle.com, freebsd-ipfw@FreeBSD.ORG
Subject: Re: rc.firewall rule 200
In-Reply-To: <200005160016.UAA02420@dreamscape.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 15 May 2000, Mark W. Krentel wrote:

> Ok, good point. But this attack can only be launched from one hop
> away, right? A legitimate machine would not forward a packet destined
> for 127.0.0.1, so the attacker has to be one hop away.

On a typical cable modem network that's still a great many "potentially
hostile" hosts.

> So, don't you also want to block spoofing of 127.0.0.1?

I don't know about others on this list, but I'm taking your suggestion and
adding it to my ruleset. Caveat emptor applies of course, but nothing
broke immediately.

- J

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
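
An added example, not part of the original message or of rc.firewall: a small Python model of ipfw's first-match evaluation, showing that a rule denying traffic to 127.0.0.0/8 does not stop a packet that arrives on an external interface with a loopback source address, while the extra source rule discussed in the thread does. The shape of rules 100 and 200, the rule number 300, the catch-all rule 65000, the interface name ed0 and all addresses are assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    number: int
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    via: Optional[str] = None        # None = any interface

class Packet(NamedTuple):
    src: str
    dst: str
    iface: str                       # interface the packet arrived on

def first_match(rules, pkt):
    """Return (rule number, action) of the first matching rule, as ipfw does."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in sorted(rules, key=lambda r: r.number):
        if r.via is not None and r.via != pkt.iface:
            continue
        if src in r.src and dst in r.dst:
            return r.number, r.action
    return 65535, "deny"             # ipfw's final default rule, deny by default

# Assumed shape of the loopback rules plus a constructed catch-all allow.
BASE = [
    Rule(100, "allow", ANY, ANY, via="lo0"),
    Rule(200, "deny", ANY, LOOPBACK),
    Rule(65000, "allow", ANY, ANY),
]
# The suggestion from the thread: also deny a loopback source (rule number assumed).
HARDENED = BASE + [Rule(300, "deny", LOOPBACK, ANY)]

# Constructed packets; ed0 and the 192.0.2.x / 198.51.100.x addresses are placeholders.
SPOOFED_SRC = Packet("127.0.0.1", "192.0.2.10", "ed0")
TO_LOOPBACK = Packet("198.51.100.7", "127.0.0.1", "ed0")
LOCAL = Packet("127.0.0.1", "127.0.0.1", "lo0")

if __name__ == "__main__":
    for name, rules in (("base", BASE), ("hardened", HARDENED)):
        for pkt in (SPOOFED_SRC, TO_LOOPBACK, LOCAL):
            print(name, pkt, first_match(rules, pkt))
```

Genuine local traffic still matches rule 100 on lo0 in both rulesets, which is why the added source rule has to come after it.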