> > I noticed recently that I was getting A LOT of stuff from 127.0.0.1:>1024
> > to 127.0.0.1:imap and 127.0.0.1:ssh. Is this some kind of odd
> > scan/exploit? What would it gain?
> > I've currently got all localhost stuff DENIED, in case it is, but I
> > imagine that will play havoc with something.... Will it?
> > Aaron Lehmann
> Get yourself a custom built firewall (and check for misspellings) from:
> http://www.linux-firewall-tools.com
> The author has a book which is an excellent read on IPCHAINS. However,
> if you're using kernel-2.4.0+ this will not mean anything to you unless
> you compiled in ipchains support.
> However, I think you'll find in the ipchains script the means to protect
> your box (and us) from spoof attacks and much, much more.
> - Scott
> --
> Never do Windows again with | Scott M. Nolde
> glaze! |
> 12:10am up 1 day, 6:15, 2 users, load average: 1.12, 1.15, 1.09
I'm using ipchains... However, I was accepting everything from interface
127.0.0.1, on the assumption that the interface was a hardware thing, and
thus, unspoofable. Evidently not... Is there any way that I can set it up
to accept loopback traffic that only COMES from the loopback?
Aaron Lehmann
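
An added example, not part of the thread or written by either poster: one way to express "accept loopback traffic only when it arrives on the loopback interface" as ipchains input rules, beside an address-only rule of the kind the message appears to describe. It assumes the loopback interface is named lo and that these rules sit at the top of the input chain; the function names and the verdict model are hypothetical helpers for this illustration.

```shell
#!/bin/sh
# Added example: tie 127.0.0.0/8 to the loopback interface in the ipchains
# input chain. Assumptions: interface name "lo", rules placed first in the chain.
LOOPBACK_IF="lo"
LOOPBACK_NET="127.0.0.0/8"

# Weak form (assumed reading of the message): trusts the source address alone,
# so a packet claiming 127.0.0.1 is accepted whatever interface it came in on.
weak_rules() {
    echo "ipchains -A input -s 127.0.0.1 -j ACCEPT"
}

# Hardened form. ipchains uses the first matching rule, so the denies go first.
hardened_rules() {
    # Log (-l) and deny loopback source addresses seen on any interface but lo.
    echo "ipchains -A input -i ! $LOOPBACK_IF -s $LOOPBACK_NET -j DENY -l"
    # Same for loopback destination addresses arriving from outside.
    echo "ipchains -A input -i ! $LOOPBACK_IF -d $LOOPBACK_NET -j DENY -l"
    # Only then accept what really arrived on the loopback interface.
    echo "ipchains -A input -i $LOOPBACK_IF -j ACCEPT"
}

# Model of how the hardened rules treat one packet (no ipchains needed).
# usage: verdict <in-interface> <source-ip> <dest-ip>
verdict() {
    case "$2" in 127.*) src_lo=1 ;; *) src_lo=0 ;; esac
    case "$3" in 127.*) dst_lo=1 ;; *) dst_lo=0 ;; esac
    if [ "$1" != "$LOOPBACK_IF" ] && [ $((src_lo + dst_lo)) -gt 0 ]; then
        echo DENY
    elif [ "$1" = "$LOOPBACK_IF" ]; then
        echo ACCEPT
    else
        echo CONTINUE   # falls through to the rest of the input chain
    fi
}

# Rules are only printed by default; pass --apply (as root) to load them.
if [ "${1:-}" = "--apply" ]; then
    hardened_rules | sh
elif [ "${1:-}" = "--show" ]; then
    hardened_rules
    # Constructed sample packets: local IMAP connection vs. the same addresses on eth0.
    echo "lo   127.0.0.1 -> 127.0.0.1: $(verdict lo 127.0.0.1 127.0.0.1)"
    echo "eth0 127.0.0.1 -> 127.0.0.1: $(verdict eth0 127.0.0.1 127.0.0.1)"
fi
```

With the deny rules logging, entries that name an interface other than lo alongside a 127.x address are the ones worth investigating; traffic that is accepted on lo itself is ordinary local client-to-daemon traffic.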