Home > mailing lists

Re: enabling tcpip_socket by default - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: enabling tcpip_socket by default
Date	May 17, 2004 21:57:01
Msg-id	40A93610.1010105@dunslane.net Whole thread Raw
In response to	Re: enabling tcpip_socket by default (Greg Stark <gsstark@mit.edu>)
Responses	Re: enabling tcpip_socket by default (Bruno Wolff III <bruno@wolff.to>)
List	pgsql-hackers

Tree view

Greg Stark wrote:

>  
>
>>Ah! Of course. That makes sense, and listening on 127.0.0.1 never
>>hurt anyone (except, of course, the tinfoil hat crowd nmapping
>>localhost in a frenzy...)
>>    
>>
>
>Actually on many systems it was very possible to send packets to a machine
>with a source address of 127.0.0.1 even over external networks or through
>routers. Making an attack out of this on a TCP service would be difficult, but
>it has been done.
>
>Good OS distributions install network filters by default to refuse such
>packets, but lots of OSes still don't do this.
>
>  
>


But what we listen to relates to the destination address of the packets, 
not the source address ...

cheers

andrew

pgsql-hackers by date:

From: Greg Stark
Date: 17 May 2004, 21:54:00
Subject: Re: enabling tcpip_socket by default

From: Doug McNaught
Date: 17 May 2004, 22:01:58
Subject: Re: enabling tcpip_socket by default

Re: enabling tcpip_socket by default - Mailing list pgsql-hackers

Previous

Next