ipcop and loopback

 
 
Sauro
      10-09-2003, 04:27 PM
Hi,
ipcop intrusion detection system returns this advice

Sid:528
Under normal circumstances traffic to the localhost (127.0.0.0/8) should
only be seen on the loopback interface (lo0).

an indicator of unauthorized network use, reconnaissance activity or
system compromise. These rules may also generate an event due to
improperly configured network devices

How to set up an iptable rule to fix it?
Thanks
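
The condition the alert text describes, as an added example that is not part of the original thread: it flags any record whose source or destination falls in 127.0.0.0/8 on an interface other than loopback. The record format, interface names and sample lines are constructed for illustration, and checking the source address as well as the destination goes slightly beyond the wording of the alert.

```python
import ipaddress
from collections import Counter

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_IFACES = {"lo", "lo0"}  # assumed loopback interface names

# Constructed sample records, one per line: "interface source destination".
# This format is hypothetical, not the output of any particular tool.
SAMPLE = """\
lo 127.0.0.1 127.0.0.1
eth0 192.168.10.20 192.168.10.15
eth0 127.0.0.1 192.168.10.15
eth1 192.168.10.15 127.0.0.53
eth0 not-an-ip 192.168.10.15
"""

def parse(text):
    """Yield (iface, src, dst) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # not a valid address, ignore the record
        yield parts[0], src, dst

def misplaced_loopback(records):
    """Return records where a 127.0.0.0/8 address appears off the loopback interface."""
    hits = []
    for iface, src, dst in records:
        if iface in LOOPBACK_IFACES:
            continue  # loopback traffic on the loopback interface is expected
        ends = [name for name, ip in (("src", src), ("dst", dst)) if ip in LOOPBACK_NET]
        if ends:
            hits.append((iface, str(src), str(dst), "+".join(ends)))
    return hits

def per_interface(hits):
    """Count flagged records per interface to show where the traffic is seen."""
    return Counter(hit[0] for hit in hits)

if __name__ == "__main__":
    flagged = misplaced_loopback(parse(SAMPLE))
    for iface, src, dst, which in flagged:
        print(f"{iface}: {src} -> {dst} (loopback address in {which})")
    print(dict(per_interface(flagged)))
```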


 
Paul Lutus
      10-09-2003, 10:27 PM
Sauro wrote:

> Hi,
> ipcop intrusion detection system returns this advice
>
> Sid:528
> Under normal circumstances traffic to the localhost (127.0.0.0/8) should
> only be seen on the loopback interface (lo0).
>
> an indicator of unauthorized network use, reconnaissance activity or
> system compromise. These rules may also generate an event due to
> improperly configured network devices
>
> How to set up an iptable rule to fix it?


You plan to use an iptable rule to fix your network misconfiguration? Read
the message. It says your network is misconfigured. 127.0.0.1 is local. Get
it? Iptable rules is the wrong approach. Fixing that bad entry you put in
/etc/hosts would be a better approach.

--
Paul Lutus
http://www.arachnoid.com

 
Sauro
      10-10-2003, 08:05 AM

"Paul Lutus" wrote in message:
> Sauro wrote:
>
> > Hi,
> > ipcop intrusion detection system returns this advice
> >
> > Sid:528
> > Under normal circumstances traffic to the localhost (127.0.0.0/8) should
> > only be seen on the loopback interface (lo0).
> >
> > an indicator of unauthorized network use, reconnaissance activity or
> > system compromise. These rules may also generate an event due to
> > improperly configured network devices
> >
> > How to set up an iptable rule to fix it?

>
> You plan to use an iptable rule to fix your network misconfiguration? Read
> the message. It says your network is misconfigured. 127.0.0.1 is local. Get
> it? Iptable rules is the wrong approach. Fixing that bad entry you put in
> /etc/hosts would be a better approach.
>
> --
> Paul Lutus
> http://www.arachnoid.com
>

I agree with you, the problem is that I am a newbie in Linux and I am not
able to fix that. I tried to remove that entry but nothing changed? Can you
indicate the way?
Thanks


 
Paul Lutus
      10-10-2003, 08:42 AM
Sauro wrote:

< snip >

>> Iptable rules is the wrong approach. Fixing that bad entry you put in
>> /etc/hosts would be a better approach.
>>
>> --
>> Paul Lutus
>> http://www.arachnoid.com
>>

> I agree with you, the problem is that I am a newbie in Linux and I am not
> able to fix that. I tried to remove that entry but nothing changed? Can
> you indicate the way?


You can see the contents of your /etc/hosts file, but you have no idea what
to do. We have an idea what to do, but we cannot see the contents of your
/etc/hosts file.

Shall I set off marine emergency flares for you? Beat drums at midnight?
What does it take to get people to post something besides idle banter?

--
Paul Lutus
http://www.arachnoid.com

 
Sauro
      10-10-2003, 10:04 AM

"Paul Lutus" wrote in message:
> Sauro wrote:
>
> < snip >
>
> >> Iptable rules is the wrong approach. Fixing that bad entry you put in
> >> /etc/hosts would be a better approach.
> >>
> >> --
> >> Paul Lutus
> >> http://www.arachnoid.com
> >>

> > I agree with you, the problem is that I am a newbie in Linux and I am not
> > able to fix that. I tried to remove that entry but nothing changed? Can
> > you indicate the way?

>
> You can see the contents of your /etc/hosts file, but you have no idea what
> to do. We have an idea what to do, but we cannot see the contents of your
> /etc/hosts file.
>

the etc/hosts content is simply
127.0.0.1 localhost
192.168.10.15 ipcop

The intrusion detection system indicates a possible device misconfiguration,
I am expected to deal with a driver not hosts file. ?????


> Shall I set off marine emergency flares for you? Beat drums at midnight?
> What does it take to get people to post something besides idle banter?
>

Be patient, have you ever been a newbie?

> --
> Paul Lutus
> http://www.arachnoid.com
>



 
Paul Lutus
      10-10-2003, 10:12 PM
Sauro wrote:

< snip >

> the etc/hosts content is simply
> 127.0.0.1 localhost
> 192.168.10.15 ipcop


I just checked and you don't say which distribution you have. Therefore, on
general principles, not because I know this is required, change the first
line to:

127.0.0.1 localhost.localdomain localhost

It may not matter, depending on your distribution.

>
> The intrusion detection system indicates a possible device
> misconfiguration, I am expected to deal with a driver not hosts file.
> ?????


They are interrelated. The configuration files in Linux pretty much make or
break your network capabilities and degree of protection against intrusion.

Also, the entire idea of computers is software (written, evanescent things)
controlling hardware (solid, corporeal things).


>> Shall I set off marine emergency flares for you? Beat drums at midnight?
>> What does it take to get people to post something besides idle banter?
>>

> Be patient, have you ever been a newbie?


I AM being patient. When I stop being patient, you'll know.

--
Paul Lutus
http://www.arachnoid.com

 