Re: netwrk sniffers and localhost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Charles Curley wrote:

On Mon, Oct 01, 2007 at 02:45:30PM -0500, Aaron Konstam wrote:

This may be an off the wall question but here goes. When you bring up
the cups web interface ans choose to administer your printers, you are
asked to login with a username and passwd. Usually it is the name root
and roots passwd that works.

Let us say some one has a network sniffer on another machine on your
LAN. Since the root passwd your type is going to localhost network it
should be handled by the loopback interface.

Is it? And if that is so can a sniffer on the LAN see the passwd
entered?


What is the URL that gets you to the CUPS IF? Mine is
http://localhost:631/, do in my case, yes, it is localhost. If your
name resolution is set up correctly, that should point to the local
loopback device:

[root@dragon ~]# host localhost
localhost has address 127.0.0.1
localhost has IPv6 address ::1
[root@dragon ~]# ifconfig lo
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:19437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19437 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0 RX bytes:4729638 (4.5 MiB) TX bytes:4729638 (4.5 MiB) 

So, yes, it should go to the local loopback device (LLD).

The whole point of the LLD is that it never goes to the network. With
a properly written LLD, a packet should go to the IP level of the
TCP/IP stack. The LLD's IP code simply swaps the source and
destination addresses and ports, and hands the packet back to the
appropriate higher level protocol (ICMP, TCP, UDP, etc.). (I haven't
looked at the source for Linux's LLD, but that's basically what the
one I wrote did.)

So if the LLD is properly written, a sniffer on another machine should
never see any packets to or from a LLD.

As you probably know, the X protocol uses TCP/IP to communicate
between clients (programs) and servers (displays, keyboards,
etc.). Think of the security implications when X traffic doesn't
travel over the loopback device. A cracker who can scarf your X
packets could watch you compose mash notes to your secretary on
company time in real time. Not very secure! This is one of several
reasons the normal "xhost" authentication is deprecated in favor of
SSH. So, yeah, the TCP/IP security folks have already thought of this
question.
A few weeks ago I got caught sleeping. I figured the hardware firewall will keep all hackers away but I was very wrong. A guy bent on doing something minor established a ssh connection to my computer and then guessed my user name and password. It was very simple. I have since changed the password. He just went to my browser and there connected to web pages that take hours to come up. I think the guy, and know the web pages, are in Germany. 

   If he wants to try again it will not work.



--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux