netwrk sniffers and localhost

Karl Larsen k5di at zianet.com
Mon Oct 1 20:28:36 UTC 2007 

Charles Curley wrote:
> On Mon, Oct 01, 2007 at 02:45:30PM -0500, Aaron Konstam wrote:
>   
>> This may be an off the wall question but here goes. When you bring up
>> the cups web interface ans choose to administer your printers, you are
>> asked to login with a username and passwd. Usually it is the name root
>> and roots passwd that works.
>>
>> Let us say some one has a network sniffer on another machine on your
>> LAN. Since the root passwd your type is going to localhost network it
>> should be handled by the loopback interface.
>>
>> Is it? And if that is so can a sniffer on the LAN see the passwd
>> entered?
>>     
>
> What is the URL that gets you to the CUPS IF? Mine is
> http://localhost:631/, do in my case, yes, it is localhost. If your
> name resolution is set up correctly, that should point to the local
> loopback device:
>
> [root at dragon ~]# host localhost
> localhost has address 127.0.0.1
> localhost has IPv6 address ::1
> [root at dragon ~]# ifconfig lo
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:19437 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:19437 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
>           RX bytes:4729638 (4.5 MiB)  TX bytes:4729638 (4.5 MiB)
>
> So, yes, it should go to the local loopback device (LLD).
>
> The whole point of the LLD is that it never goes to the network. With
> a properly written LLD, a packet should go to the IP level of the
> TCP/IP stack. The LLD's IP code simply swaps the source and
> destination addresses and ports, and hands the packet back to the
> appropriate higher level protocol (ICMP, TCP, UDP, etc.). (I haven't
> looked at the source for Linux's LLD, but that's basically what the
> one I wrote did.)
>
> So if the LLD is properly written, a sniffer on another machine should
> never see any packets to or from a LLD.
>
> As you probably know, the X protocol uses TCP/IP to communicate
> between clients (programs) and servers (displays, keyboards,
> etc.). Think of the security implications when X traffic doesn't
> travel over the loopback device. A cracker who can scarf your X
> packets could watch you compose mash notes to your secretary on
> company time in real time. Not very secure! This is one of several
> reasons the normal "xhost" authentication is deprecated in favor of
> SSH. So, yeah, the TCP/IP security folks have already thought of this
> question.
>
>   
    A few weeks ago I got caught sleeping. I figured the hardware 
firewall will keep all hackers away but I was very wrong. A guy bent on 
doing something minor established a ssh connection to my computer and 
then guessed my user name and password. It was very simple. I have since 
changed the password. He just went to my browser and there connected to 
web pages that take hours to come up. I think the guy, and know the web 
pages, are in Germany.

    If he wants to try again it will not work.



-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.

More information about the users mailing list