[Dshield] Scanning from 127.0.0.1

John Hardin johnh at aproposretail.com
Fri Sep 26 00:24:03 GMT 2003


On Thu, 2003-09-25 at 16:59, Bruce & Roma wrote:

> 24/09/03 07:20:29 PM Inbound TCP to local port ="1092"  Remote Port="80" 
> Remote IP="127.0.0.1" Action Prevented
> 
> 24/09/03 07:22:14 PM Inbound TCP to local port ="1307"  Remote Port="80" 
> Remote IP="127.0.0.1" Action Prevented
> 
> 25/09/03 07:21:57 PM Inbound TCP to local port ="1680" Remote Port="80" 
> Remote IP="127.0.0.1" Action Prevented
> 
> What I do not understand is how this was ever routed, especially if
> my ISP is doing it's job properly.

Unfortunately there's not enough information there to tell whether
there's a problem, as it does not indicate which network interface the
traffic came in on or what the destination IP address is. 

Your personal firewall may very well be blocking legitimate traffic on
the loopback interface. ZA Free, for example, puts 127.0.0.1 in the
Internet zone by default, and you have to manually add it to the Trusted
zone.

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
-----------------------------------------------------------------------
 41 days until Matrix Revolutions




More information about the list mailing list