Re: ipcop and loopback

From: Paul Lutus (nospam_at_nosite.zzz)
Date: 10/10/03


Date: Thu, 09 Oct 2003 15:27:59 -0700

Sauro wrote:

> Hi,
> ipcop intrusion detection system returns this advice
>
> Sid:528
> Under normal circumstances traffic to the localhost (127.0.0.0/8) should
> only be seen on the loopback interface (lo0).
>
> an indicator of unauthorized network use, reconnaisance activity or
> system compromise. These rules may also generate an event due to
> improperly configured network devices
>
> How to set up an iptable rule to fix it?

You plan to use an iptable rule to fix your network misconfiguration? Read
the message. It says your network is misconfigured. 127.0.0.1 is local. Get
it? Iptable rules is the wrong approach. Fixing that bad entry you put in
/etc/hosts would be a better approach.

-- 
Paul Lutus
http://www.arachnoid.com