Re: NetScreen having IP spoofing vulnerability with 127.x.x.x ?


comp.security.firewalls archive


From: Alan Strassberg <paleale@bolt.sonic.net>
Date: Tue Aug 02 2005 - 22:52:02 CEST

In article <42ef7e8f$1_1@spool9-west.superfeed.net>,
Oliver Habegger <oh@cpugs.org> wrote:
>Hi news group
>
>We did an audit on a NetScreen which is port forwarding
>the port 80 to an internal webserver and the audit said that
>we got an IP spoofing problem here. I checked the interface
>of the NetScreen but all are set to "IP spoofing protection".
>
>The audit report mentions that the IP 127.0.0.1 got through
>so it looks like 127.x.x.x gets through as valid source IP
>address. This seems a bit strange to me, does NetScreen
>not drop such source IPs by default?
>
>Anyone having experience with such a "feature" ?

        I assume you are referring to a Netscreen SSL VPN box.
        Netscreen's SAM (Secure Access Manager) utilizes
        loopback IPs to do its reverse proxying. 127.0.0.1
        is a valid source IP and likely gets mapped on the
        Netscreen. Not a problem.

                                        alan
Received on Thu Sep 29 20:00:14 2005
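
One way to test the audit finding against traffic logs, as an added example that is not part of either post: it lists permitted packets that arrived on an external interface with a loopback source, and goes slightly beyond the thread by also flagging unspecified, multicast and unparseable sources. The log layout, the interface names and the sample lines are constructed assumptions, not NetScreen output.

```python
import ipaddress

# Constructed sample log lines (not from any real device). The
# "iface= src= dst= dport= action=" key=value layout is an assumption.
SAMPLE_LOG = """\
2005-08-02T10:01:07 iface=untrust src=203.0.113.9 dst=192.0.2.10 dport=80 action=permit
2005-08-02T10:01:09 iface=untrust src=127.0.0.1 dst=192.0.2.10 dport=80 action=permit
2005-08-02T10:01:12 iface=trust src=127.0.0.1 dst=10.1.1.5 dport=80 action=permit
2005-08-02T10:01:15 iface=untrust src=127.44.3.2 dst=192.0.2.10 dport=80 action=deny
2005-08-02T10:01:20 iface=untrust src=224.0.0.5 dst=192.0.2.10 dport=80 action=permit
2005-08-02T10:01:31 iface=untrust src=not-an-ip dst=192.0.2.10 dport=80 action=permit
"""


def parse_line(line):
    """Split one log line into a dict of its key=value fields (timestamp skipped)."""
    return dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)


def martian_reason(addr):
    """Return why addr can never be a legitimate on-the-wire source, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if ip.is_loopback:        # all of 127.0.0.0/8, and ::1
        return "loopback"
    if ip.is_unspecified:     # 0.0.0.0 or ::
        return "unspecified"
    if ip.is_multicast:       # 224.0.0.0/4 or ff00::/8
        return "multicast"
    return None


def find_spoofed_permits(log_text, external_ifaces=("untrust",)):
    """List (source, reason) for permitted packets that arrived on an
    external interface carrying a source address that is never valid there."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("iface") not in external_ifaces:
            continue          # internal interfaces are out of scope here
        if fields.get("action") != "permit":
            continue          # the device already dropped this one
        src = fields.get("src", "")
        reason = martian_reason(src)
        if reason:
            hits.append((src, reason))
    return hits
```

An empty result for the external interface means the anti-spoofing setting dropped such packets; a loopback hit there corresponds to what the audit reported.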