Re: netwrk sniffers and localhost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Charles Curley wrote:
On Mon, Oct 01, 2007 at 02:45:30PM -0500, Aaron Konstam wrote:
This may be an off the wall question but here goes. When you bring up
the cups web interface ans choose to administer your printers, you are
asked to login with a username and passwd. Usually it is the name root
and roots passwd that works.

Let us say some one has a network sniffer on another machine on your
LAN. Since the root passwd your type is going to localhost network it
should be handled by the loopback interface.

Is it? And if that is so can a sniffer on the LAN see the passwd
entered?

What is the URL that gets you to the CUPS IF? Mine is
http://localhost:631/, do in my case, yes, it is localhost. If your
name resolution is set up correctly, that should point to the local
loopback device:

[root@dragon ~]# host localhost
localhost has address 127.0.0.1
localhost has IPv6 address ::1
[root@dragon ~]# ifconfig lo
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:19437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19437 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0 RX bytes:4729638 (4.5 MiB) TX bytes:4729638 (4.5 MiB)

So, yes, it should go to the local loopback device (LLD).

The whole point of the LLD is that it never goes to the network. With
a properly written LLD, a packet should go to the IP level of the
TCP/IP stack. The LLD's IP code simply swaps the source and
destination addresses and ports, and hands the packet back to the
appropriate higher level protocol (ICMP, TCP, UDP, etc.). (I haven't
looked at the source for Linux's LLD, but that's basically what the
one I wrote did.)

So if the LLD is properly written, a sniffer on another machine should
never see any packets to or from a LLD.

As you probably know, the X protocol uses TCP/IP to communicate
between clients (programs) and servers (displays, keyboards,
etc.). Think of the security implications when X traffic doesn't
travel over the loopback device. A cracker who can scarf your X
packets could watch you compose mash notes to your secretary on
company time in real time. Not very secure! This is one of several
reasons the normal "xhost" authentication is deprecated in favor of
SSH. So, yeah, the TCP/IP security folks have already thought of this
question.

A few weeks ago I got caught sleeping. I figured the hardware firewall will keep all hackers away but I was very wrong. A guy bent on doing something minor established a ssh connection to my computer and then guessed my user name and password. It was very simple. I have since changed the password. He just went to my browser and there connected to web pages that take hours to come up. I think the guy, and know the web pages, are in Germany.

   If he wants to try again it will not work.



--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux