[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
On Sunday 18 April 2004 4:00, David Bell wrote:
I seem to be logging a fair amount of the following on the Ipcop IDS Log. What is "Loopback traffic" and why should 127.0.0.1.80 in California be
Loopback is used for certain transactions between local processes and dæmons. Without loopback-allowing rules, things like name-service caching and SSH port forwarding break when you run the iptables script. http://www.linuxjournal.com/article.php?sid=6715 Compare your full log with this: http://lists.suse.com/archive/suse-linux-e/2003-Oct/1183.html So looks like some kind of worm (blaster welchia type) is in the wild and based on the TTL being 122 I am making an assumption that the infected machine is running a Windows system (since TTL is 128 for them after NT) and the infected machine is 6 hops away from my network Google is your friend.
frequently involved? More importantly, what would happen if Ipcop wasn't there to detect/block it?
If it is the same as the example from the suse archive, nothing would happen. You are not running any software that is allowed to respond. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
Attachment:
pgp00023.pgp
Description: signature