network sniffers and localhost

Aaron Konstam akonstam at sbcglobal.net
Mon Oct 1 20:42:29 UTC 2007


On Mon, 2007-10-01 at 14:28 -0600, Karl Larsen wrote:
> Charles Curley wrote:
> > On Mon, Oct 01, 2007 at 02:45:30PM -0500, Aaron Konstam wrote:
> >   
> >> This may be an off the wall question but here goes. When you bring up
> >> the cups web interface and choose to administer your printers, you are
> >> asked to login with a username and passwd. Usually it is the name root
> >> and root's passwd that works.
> >>
> >> Let us say someone has a network sniffer on another machine on your
> >> LAN. Since the root passwd you type is going to localhost network it
> >> should be handled by the loopback interface.
> >>
> >> Is it? And if that is so can a sniffer on the LAN see the passwd
> >> entered?
> >>     
> >
> > What is the URL that gets you to the CUPS IF? Mine is
> > http://localhost:631/, so in my case, yes, it is localhost. If your
> > name resolution is set up correctly, that should point to the local
> > loopback device:
> >
> > [root@dragon ~]# host localhost
> > localhost has address 127.0.0.1
> > localhost has IPv6 address ::1
> > [root@dragon ~]# ifconfig lo
> > lo        Link encap:Local Loopback  
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:19437 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:19437 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0 
> >           RX bytes:4729638 (4.5 MiB)  TX bytes:4729638 (4.5 MiB)
> >
> > So, yes, it should go to the local loopback device (LLD).
> >
> > The whole point of the LLD is that it never goes to the network. With
> > a properly written LLD, a packet should go to the IP level of the
> > TCP/IP stack. The LLD's IP code simply swaps the source and
> > destination addresses and ports, and hands the packet back to the
> > appropriate higher level protocol (ICMP, TCP, UDP, etc.). (I haven't
> > looked at the source for Linux's LLD, but that's basically what the
> > one I wrote did.)
> >
> > So if the LLD is properly written, a sniffer on another machine should
> > never see any packets to or from a LLD.
> >
> > As you probably know, the X protocol uses TCP/IP to communicate
> > between clients (programs) and servers (displays, keyboards,
> > etc.). Think of the security implications when X traffic doesn't
> > travel over the loopback device. A cracker who can scarf your X
> > packets could watch you compose mash notes to your secretary on
> > company time in real time. Not very secure! This is one of several
> > reasons the normal "xhost" authentication is deprecated in favor of
> > SSH. So, yeah, the TCP/IP security folks have already thought of this
> > question.
> >
> >   
>     A few weeks ago I got caught sleeping. I figured the hardware 
> firewall will keep all hackers away but I was very wrong. A guy bent on 
> doing something minor established a ssh connection to my computer and 
> then guessed my user name and password. It was very simple. I have since 
> changed the password. He just went to my browser and there connected to 
> web pages that take hours to come up. I think the guy, and know the web 
> pages, are in Germany.
> 
>     If he wants to try again it will not work.
> 

You need a better passwd. I have tried the latest cracking programs on mine for 
3 days and it was never cracked.
--
=======================================================================
SEMPER UBI SUB UBI!!!!
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net
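
Added example, not part of the original thread: a Python check of the two conditions discussed above, namely that the host name in the CUPS URL resolves only to loopback addresses and that nothing listens on the port off-loopback. The function names and the `ss -ltn` sample text are constructed for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for wildcards and LAN addresses."""
    try:
        return ipaddress.ip_address(addr.strip("[]").split("%")[0]).is_loopback
    except ValueError:          # e.g. the "*" wildcard printed by ss
        return False

def url_stays_on_loopback(url, resolver=socket.getaddrinfo):
    """True only if every address the URL's host resolves to is loopback."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    infos = resolver(parts.hostname, port, type=socket.SOCK_STREAM)
    addrs = {info[4][0] for info in infos}   # sockaddr[0] is the IP string
    return bool(addrs) and all(is_loopback(a) for a in addrs)

def non_loopback_listeners(ss_output, port):
    """Local addresses in `ss -ltn` output listening on port off-loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue            # header line or non-listening socket
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port) and not is_loopback(addr):
            exposed.append(addr)
    return exposed

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
LISTEN 0      128            [::1]:631          [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
"""

if __name__ == "__main__":
    print(url_stays_on_loopback("http://localhost:631/"))
    print(non_loopback_listeners(SAMPLE_SS, 631))
    print(non_loopback_listeners(SAMPLE_SS, 22))
```

A `False` from the first check, or a non-empty list from the second, means the traffic or the service is not confined to the loopback interface.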



