Why can I send 127.0.0.1 to 127.0.0.0 on my network?
Because your network is not stopping you from doing that. The switch you are connected to doesn't care about IP addresses at all (unless it has L3 capabilities and configuration, e.g. IP ACLs or DHCP snooping/binding). The local stack in your host machine should prevent that, but with a limited stack on an embedded device it can actually be possible. It is impossible though to have these packets pass a router, just switches.
we changed our FW so that the fixed IP addresses are 127.0.0.0 and 127.0.0.1.
Generally, that is a very bad idea. Using these addresses on the local network is in violation of RFC 1122:
(g) { 127, <any> }
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
If it works: fine for now, but it may break any time. If it doesn't work, just do it correctly.
Basically, when you see these packets on your network, it's the source host (its implementation) that is violating RFC 1122. There's no bouncer on each network port that filters that traffic. It's the network admin's or architect's job to categorize whatever traffic as unwanted and take measures against it.
we have a customer that wants to make sure that it can NOT work on an actual IP network and only direct.
As @FrameHowitzer has pointed out, making a product use IP and not work over an IP network at the same time isn't possible. You'd have to actively configure that network to inhibit unwanted communication.
If you don't want these packets to pass routers, link-local aka zeroconf aka APIPA addresses are what you want. Simply use addresses from 169.254.0.0/16 which are defined to be not routable. I've explicitly blackholed these addresses on all our routers, just to make sure.
On the switches, you'd have to segregate that traffic using a dedicated VLAN. Switches don't care about higher-layer addresses like IP, so they'd forward frames containing link-local or even local loopback addresses just fine – but only within a VLAN.
If the switches support L3 ACLs you can filter the specific IP addresses that you don't want on your network, e.g.
deny ip 169.254.0.0/16 any
deny ip any 169.254.0.0/16
(allow any any)
In a more complex configuration you could also choose to explicitly permit wanted traffic and filter all the rest.
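As an added illustration (not part of the answer above), the following Python script evaluates the three-line ACL from the answer with first-match semantics over a few constructed flow records, and separately flags any flow carrying a 127.0.0.0/8 address, since such a packet on the wire is the RFC 1122 violation the answer describes. The flow lines, rule list and function names are assumptions made for this example; note that the ACL as written denies link-local flows but still permits the loopback flow from the question, so catching that would need its own deny entry.

```python
import ipaddress

# Hypothetical first-match ACL mirroring the answer's example:
#   deny ip 169.254.0.0/16 any
#   deny ip any 169.254.0.0/16
#   permit ip any any
ANY = ipaddress.ip_network("0.0.0.0/0")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

ACL = [
    ("deny", LINK_LOCAL, ANY),
    ("deny", ANY, LINK_LOCAL),
    ("permit", ANY, ANY),
]


def acl_action(src: str, dst: str, acl=ACL) -> str:
    """Action of the first entry matching (src, dst); implicit deny if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # a real ACL ends with an implicit deny


def rfc1122_violation(src: str, dst: str) -> bool:
    """True if a loopback address is seen outside a host (RFC 1122 3.2.1.3 (g))."""
    return ipaddress.ip_address(src) in LOOPBACK or ipaddress.ip_address(dst) in LOOPBACK


def classify_flows(lines):
    """Parse constructed 'src dst' lines; return (src, dst, acl action, rfc1122 violation)."""
    result = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        src, dst = line.split()[:2]
        result.append((src, dst, acl_action(src, dst), rfc1122_violation(src, dst)))
    return result


# Constructed sample flow records (not captured traffic)
SAMPLE_FLOWS = """
# src           dst
127.0.0.1       127.0.0.0
169.254.10.5    169.254.10.6
192.0.2.10      169.254.10.6
192.0.2.10      198.51.100.20
"""

if __name__ == "__main__":
    for src, dst, action, bad in classify_flows(SAMPLE_FLOWS.splitlines()):
        note = "  <- loopback address on the wire, violates RFC 1122" if bad else ""
        print(f"{src:>15} -> {dst:<15} {action}{note}")
```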