Re: Web session come from IP 127.0.0.1 ???

From: Phillip Windell (_at_.)
Date: 03/19/04


Date: Fri, 19 Mar 2004 16:50:53 -0600

Worth considering. At the moment I can't think of a "real world" situation
where it would be a problem. Now the router I was considering to block all
this was the Internet router external to the ISA or external on the DMZ if
there was a DMZ. The goal was to keep this from coming in from outside.
Blocking it both ways would prevent "ne'er-do-wells" who may be employed at
your company from also doing it to other possible victims out on the Net. I
wouldn't do this on a LAN router and would just let the LAN do whatever it
wanted within itself. With SMTP I have never seen anything appear in the
header other than the actual IP# of the machine that the service operated
from, although I admit it isn't anything I've woken up in the morning
thinking I should check on, so.... :-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Tony Su" <anonymous@discussions.microsoft.com> wrote in message
news:d85c01c40dff$3cbe69f0$a601280a@phx.gbl...
> I've been wondering about that though...
>
> Some applications residing on the ISA server itself might
> use 127.0.0.1. An example might be a website sending mail
> and referencing 127.0.0.1 for SMTP.
>
> I've been configuring my mail for a real LAN address, but
> what about single NIC installations where you don't have
> any choice but to use the loopback address? Depending on
> what layer is blocking, would a local application be able
> to send mail because it's recognized as a local process
> (unlikely) or be blocked because the call is coming
> through the IP layer?
>
> Although a single NIC machine wouldn't have the ability to
> operate in FW mode, IMO it's still a relevant question
> because it might be considered a more basic configuration
> of Windows.
>
> Tony Su
>
>
>
>
> >-----Original Message-----
> >That is the "latest craze" in spoofing attacks.  Block the whole 127.0.x.x
> >address range in both directions at the router so none of your machines even
> >have to worry about it. That "local host" address block is never supposed to
> >"travel" anywhere beyond the local machine it is happening on so completely
> >blocking it is perfectly fine.
> >
> >
> >--
> >
> >Phillip Windell [MCP, MVP, CCNA]
> >www.wandtv.com
> >
> >
> >"Spinext" <spinextt@yahoo.com> wrote in message
> >news:b43901c40d55$91272720$a001280a@phx.gbl...
> >> I'm using ISAServer 2000 on Windows Advanced Server 2000,
> >> with over 100 clients.
> >> It works fine except one thing makes me confused:
> >> In ISA session monitor, I saw Web session come from IP
> >> 127.0.0.1.
> >> I don't understand why it is, because 127.0.0.1 is
> >> localhost. I think that some client uses firewall-pass-through
> >> tool, how to determine the real IP. Is it true?
> >>
> >> Spin
> >
> >
> >.
> >
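
The router-level block discussed in this thread, as an added example that is not part of the original posts: a Python audit that applies the "drop loopback in both directions at the border" rule to flow records and leaves host-local loopback traffic (the local SMTP case raised above) alone. The record format, interface names and addresses are constructed assumptions; the check uses the full loopback block 127.0.0.0/8.

```python
import ipaddress

# Full loopback block; a rule written only for 127.0.0.0/16 would miss
# addresses such as 127.200.3.4.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample records: "interface direction src dst dport".
# "external" is the border router's Internet-facing interface (hypothetical
# name); "loopback" is traffic that never left the host's own IP stack.
SAMPLE_FLOWS = """\
external in 127.0.0.1 203.0.113.10 8080
external in 198.51.100.7 203.0.113.10 80
external out 127.0.0.1 198.51.100.99 25
external in 198.51.100.8 127.0.0.1 80
external in 127.200.3.4 203.0.113.10 8080
loopback local 127.0.0.1 127.0.0.1 25
external out 203.0.113.10 198.51.100.99 25
"""


def parse_flow(line):
    """Turn one whitespace-separated record into a dict with parsed addresses."""
    iface, direction, src, dst, dport = line.split()
    return {
        "iface": iface,
        "direction": direction,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
    }


def verdict(flow):
    """Return 'pass' or 'drop:<direction>-loopback-<field>' for one flow."""
    if flow["iface"] == "loopback":
        return "pass"  # local process talking to a local service
    for field in ("src", "dst"):
        if flow[field] in LOOPBACK:
            return f"drop:{flow['direction']}-loopback-{field}"
    return "pass"


def audit(text):
    """Return (record, verdict) pairs for every non-empty record in text."""
    return [(l, verdict(parse_flow(l))) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for record, result in audit(SAMPLE_FLOWS):
        print(f"{result:28} {record}")
```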

