[ih] Origin of the loopback interface
Joe Touch
touch at strayalpha.com
Mon Oct 23 07:26:28 PDT 2017
Loopback should not be a substitute for IPC. At least one additional reason is that packets sent there might not end up where you think (they could be tunneled elsewhere, e.g..).
Joe
> On Oct 23, 2017, at 4:56 AM, Tony Finch <dot at dotat.at> wrote:
>
> John Levine <johnl at iecc.com> wrote:
>>
>> Even on machines that do have physical interfaces, puting a service
>> on a loopback address lets me be sure it's only available to other
>> processes on the same machine without having to screw around with
>> packet filters.
>
> That's not entirely true. The "weak endpoint model" followed by most
> systems means that they will accept packets to any of their addresses on
> any of their interfaces. This opens you up to attacks from malicious
> devices on your LAN(s).
>
> Actually, the weak endpoint model is probably less pervasive than it used
> to be because some systems have implemented reverse path filtering.
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
> Biscay, Fitzroy: Southwesterly backing southerly 4 or 5, occasionally 6 in
> north. Moderate or rough, occasionally very rough in Fitzroy. Occasional rain
> and fog patches in north. Moderate or good, occasionally very poor in north.
> _______
> internet-history mailing list
> internet-history at postel.org
> http://mailman.postel.org/mailman/listinfo/internet-history
> Contact list-owner at postel.org for assistance.
More information about the Internet-history
mailing list