Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-sun > 02 > 110010.html (Request Expert securityfocus.com Support)

Solaris 7 installation is sending 127.0.0.0/8 addresses on the ethernet network...

From: Michael Boman <michael.boman(at)securecirt.com>
Date: Tue Nov 26 2002 - 02:41:28 EST


Hi there,

I have a Solaris 7 (sparc) installation, with the recomended patch-batch installed. This particular installation emits 127.0.0.x addresses on the ethernet, and I wonder if anyone has any pointers what could cause this. (ip addresses has changed to protect the guilty).

# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232

        inet 127.0.0.1 netmask ff000000 hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500 

        inet 172.20.123.24 netmask ffffff00 broadcast 172.20.123.255
        ether 8:0:20:c4:ad:45

# netstat -nr

Routing Table:
  Destination Gateway Flags Ref Use Interface 

-------------------- -------------------- ----- ----- ------ ---------
172.20.123.0         172.20.123.24         U        3  31742  hme0
224.0.0.0 172.20.123.24 U 3 0 hme0 default 172.20.123.1 UG 0 379177 127.0.0.1 127.0.0.1 UH 0 84159 lo0

Here is a text dump from Ethereal that displays the offensive packets:

Frame 1 (60 on wire, 60 captured)

Do you need help?X

    Arrival Time: Nov 22, 2002 11:39:49.573028000     Time delta from previous packet: 0.000000000 seconds     Time relative to first packet: 0.000000000 seconds     Frame Number: 1
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II

    Destination: 00:00:0c:07:ac:02 (Cisco_07:ac:02)     Source: 08:00:20:c4:ad:45 (Sun_c4:ad:45)     Type: IP (0x0800) 

    Trailer: 55555555555555555555555555555555...
Internet Protocol, Src Addr: 127.0.0.75 (127.0.0.75), Dst Addr: 108.122.0.0 (108.122.0.0)

    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x07 (DSCP 0x01: Unknown DSCP; ECN: 0x03) 

        0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
        .... ..1. = ECN-Capable Transport (ECT): 1
        .... ...1 = ECN-CE: 1

    Total Length: 20
    Identification: 0xe7c9
    Flags: 0x04 
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set

    Fragment offset: 0
    Time to live: 255
    Protocol: IPv6 hop-by-hop option (0x00)     Header checksum: 0xa853 (correct)
    Source: 127.0.0.75 (127.0.0.75)
    Destination: 108.122.0.0 (108.122.0.0)

Please advice.

Best regards
 Michael Boman 

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com

  • application/pgp-signature attachment: stored
Received on Wed Nov 27 15:40:56 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:36 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library