Re: ipcop and loopback
From: Paul Lutus (nospam_at_nosite.zzz)
Date: 10/10/03
- Next message: Jim Fischer: "Re: changing linux hostname without rebooting"
- Previous message: Paul Lutus: "Re: port 22222 vulnerability"
- In reply to: Sauro: "ipcop and loopback"
- Next in thread: Sauro: "Re: ipcop and loopback"
- Reply: Sauro: "Re: ipcop and loopback"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 09 Oct 2003 15:27:59 -0700
Sauro wrote:
> Hi,
> ipcop intrusion detection system returns this advice
>
> Sid:528
> Under normal circumstances traffic to the localhost (127.0.0.0/8) should
> only be seen on the loopback interface (lo0).
>
> an indicator of unauthorized network use, reconnaissance activity or
> system compromise. These rules may also generate an event due to
> improperly configured network devices
>
> How to set up an iptable rule to fix it?
You plan to use an iptable rule to fix your network misconfiguration? Read
the message. It says your network is misconfigured. 127.0.0.1 is local. Get
it? Iptable rules are the wrong approach. Fixing that bad entry you put in
/etc/hosts would be a better approach.
-- Paul Lutus http://www.arachnoid.com
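
The condition the quoted alert describes (127.0.0.0/8 addresses seen on an interface other than loopback) can be checked directly against capture records. This is an added example, not part of the original post and not IPCop or Snort code; the record format, the interface names and the sample lines are constructed assumptions.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
# Assumption: names under which the loopback interface appears in the records.
LOOPBACK_IFACES = {"lo", "lo0"}

# Constructed sample records in a hypothetical format:
#   "<interface> <source> > <destination>"
SAMPLE = """\
lo 127.0.0.1 > 127.0.0.1
eth0 192.168.1.10 > 192.168.1.1
eth0 192.168.1.10 > 127.0.0.1
eth1 127.0.0.5 > 10.0.0.2
eth0 not-an-address > 127.0.0.1
"""


def is_loopback(text):
    """True if text is an IPv4 address inside 127.0.0.0/8, else False."""
    try:
        return ipaddress.IPv4Address(text) in LOOPBACK_NET
    except ipaddress.AddressValueError:
        return False  # unparsable field: not treated as a loopback address


def find_stray_loopback(records):
    """Return (line_no, iface, src, dst) for every record that carries a
    loopback source or destination on a non-loopback interface."""
    hits = []
    for line_no, line in enumerate(records.splitlines(), start=1):
        parts = line.split()
        if len(parts) != 4 or parts[2] != ">":
            continue  # skip malformed records
        iface, src, _, dst = parts
        if iface in LOOPBACK_IFACES:
            continue  # loopback traffic on the loopback interface is normal
        if is_loopback(src) or is_loopback(dst):
            hits.append((line_no, iface, src, dst))
    return hits


if __name__ == "__main__":
    for hit in find_stray_loopback(SAMPLE):
        print("loopback address on non-loopback interface:", hit)
```
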