Re: Web session come from IP 127.0.0.1 ???

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 03/19/04 

Date: Fri, 19 Mar 2004 14:12:16 -0800

I've been wondering about that though...

Some applications residing on the ISA server itself might
use 127.0.0.1. An example might be a website sending mail
and referencing 127.0.0.1 for SMTP.

I've been configuring my mail for a real LAN address, but
what about single NIC installations where you don't have
any choice but to use the loopback address? Depending on
what layer is blocking, would a local application be able
to send mail because it's recognized as a local process
(unlikely) or be blocked because the call is coming
through the IP layer?

Although a single NIC machine wouldn't have the ability to
operate in FW mode, IMO it's still a relevant question
because it might be considered a more basic configuration
of Windows.

Tony Su

>-----Original Message-----
>That is the "latest craze" in spoofing atacks. Block the
whole 127.0.x.x
>address range in both directions at the router so none of
your machines even
>have to worry about it. That "local host" address block
is never supposed to
>"travel" anywhere beyond the local machine it is
happening on so completely
>blocking it is perfectly fine.
>
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>"Spinext" <spinextt@yahoo.com> wrote in message
>news:b43901c40d55$91272720$a001280a@phx.gbl...
>> I'm using ISAServer 2000 on Windows Advanced Server
2000,
>> with over 100 clients.
>> It works fine except one thing makes me confuse:
>> In ISA session monitor, I saw Web session come from IP
>> 127.0.0.1.
>> I don't understand why it is, because 127.0.0.1 is
>> localhost. I think that some client use firewall-pass-
>> through tool, how to determine the real IP. Is it true?
>>
>> Spin
>
>
>.
>