Bugtraq mailing list archives

Re: Loopback and multi-homed routing flaw in TCP/IP stack.

From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Wed, 7 Mar 2001 09:47:15 +0800

At 08:18 PM 06-03-2001 -0000, David Litchfield wrote:


This affects Windows NT as well. I spoke of the exact same problem back in
the December of 1998 (http://www.securityfocus.com/vdb/bottom.html?vid=1692
for the BID and http://oliver.efri.hr/~crv/security/bugs/NT/msproxy3.html
for the details) whereby we could get to the "clean" interface via the
"dirty" interface on MS Proxy II and from there to the rest of the


Does it really affect Windows NT?

I find if IP forwarding is on, then yes you can ping its 127.0.0.1
interface (this seems expected to me). But if it's off 127.0.0.1 is not
accessible (just like in Windows 9x).

I tested this sometime last year with Linux 2.0.

Recently I found that Linux 2.2 seems to behave strangely - I couldn't
bring down the lo0 interface and ping a remote 127.0.0.1

Freebsd 4.2 and Linux 2.0 are indeed vulnerable to this multihome thingy.
In fact I did use this feature for a Linux 2.0 firewall - I used the IPs as
DMZ IPs.

However it appears to me that it would be hard to exploit this from a host
more than one network away.

Cheerio,
Link.

Current thread:

Re: Loopback and multi-homed routing flaw in TCP/IP stack., (continued)
- - - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Dan Harkless (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kyle Sparger (Mar 05)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. MaD dUCK (Mar 05)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. J. Bol (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kyle Sparger (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kurt Seifried (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Neil W Rickert (Mar 05)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Ben Laurie (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. David Litchfield (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Robert Collins (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lincoln Yeoh (Mar 07)
  - Message not available
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lars Mathiesen (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lothar Beta (Mar 06)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. David Damerell (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. 3APA3A (Mar 06)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Martin Macok (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. 3APA3A (Mar 07)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. bert hubert (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Crist Clark (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Darren Reed (Mar 06)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Woody (Mar 06)

(Thread continues...)