Problem: RFC1166 addressing

From: tomc@teamics.com
Date: Mon Sep 16 2002 - 11:50:36 EST


RFC 1166 states that:

    The class A network number 127 is assigned the "loopback"
    function, that is, a datagram sent by a higher level protocol
    to a network 127 address should loop back inside the host. No
    datagram "sent" to a network 127 address should ever appear on
    any network anywhere.

Linux does not enforce this. I have uncovered some users using this
function to attempt to circumvent the firewall. I am able to "create" 127
network traffic as follows:

Machine 1: ifconfig eth0:1 127.1.2.3 [ running kernel 2.2.14 ]

Machine 2: ifconfig eth0:1 127.1.2.4 [ running kernel 2.4.19 ]

Machine 2: ping 127.1.2.3

Packets move between the hosts. Also seems to work on Macintosh.

tc

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
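
A detection-side sketch for the condition reported in the message above, added here as an example and not part of the original post: it flags any IPv4 packet seen on a non-loopback interface whose source or destination lies in 127.0.0.0/8. The interface name `lo`, the function names and the sample packets are assumptions constructed for illustration; the addresses are the ones from the post.

```python
import ipaddress
import struct

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def parse_ipv4_addrs(packet: bytes):
    """Return (src, dst) from a raw IPv4 header, or None if it cannot be parsed."""
    if len(packet) < 20:
        return None  # truncated: shorter than a minimal IPv4 header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None  # not IPv4, or header length field is inconsistent
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def loopback_on_wire(iface: str, packet: bytes):
    """Return a finding if a 127/8 address shows up on a non-loopback interface."""
    if iface == "lo":  # assumed name of the loopback interface
        return None
    addrs = parse_ipv4_addrs(packet)
    if addrs is None:
        return None
    hits = [f"{role}={addr}" for role, addr in zip(("src", "dst"), addrs)
            if addr in LOOPBACK_NET]
    return f"{iface}: loopback address on wire ({', '.join(hits)})" if hits else None

def build_header(src: str, dst: str) -> bytes:
    """Constructed minimal IPv4 header (protocol ICMP, checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

# Constructed samples: (capture interface, raw packet bytes)
SAMPLES = [
    ("eth0", build_header("127.1.2.4", "127.1.2.3")),   # the case from the post
    ("eth0", build_header("192.0.2.10", "192.0.2.20")), # ordinary traffic
    ("lo", build_header("127.0.0.1", "127.0.0.1")),     # legitimate loopback
    ("eth0", b"\x45\x00"),                              # truncated packet
]

def scan(samples):
    """Run the check over (iface, packet) pairs and keep only the findings."""
    return [f for f in (loopback_on_wire(i, p) for i, p in samples) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```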


