Would a service bound to 127.0.0.1 respond to packets with destination 127.0.0.1?

Suppose I have a server running on my computer listening at 127.0.0.1.

If an attacker were to:

  • Reconfigure my computer so that it does not consider loopback addresses as martian (Sending packets meant for an address on 127.0.0.1/8 to the network on Ubuntu)
  • Hack my switch or other device in a way that enables them to send arbitrary packets (including non-RFC-compliant ones) to my computer's interface

Would the attacker be able to initiate a connection with my server?


Solution 1:

I posit they might be able to initiate a connection to your server, but they would not get a meaningful response back as the IP address - unless they were already in your LAN and compromised other devices to communicate with 127.x.x.x, breaking all the specs.

If the traffic were to go through a gateway it might depend on the routers in place, but would require hacking all the routers in the path.

This can't really be a thing. 127.0.0.1 does not leave the local computer. If it does, it can't go anywhere because it's breaking spec.

Solution 2:

Yes, if you explicitly let them disable all protections that the OS has against loopback address spoofing, they'll be able to do that. Makes sense.

(Switches don't really care about sending IP packets, whatever their address is; they only send Ethernet frames. It's routers that would need to be 'hacked' if the attacker is somewhere on a different network than you.)

But if the attacker is privileged enough that they're able to reconfigure your computer this way, they'll in fact already be able to connect directly to your 'localhost' from your own computer, making the whole process unnecessary.
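
Added example, not part of either answer above: a defender-side check for the reconfiguration described in the question's first bullet. It assumes that change is made through Linux's per-interface `route_localnet` sysctl (kernel default 0, meaning 127.0.0.0/8 is treated as martian); the function names and the directory parameter are hypothetical.

```shell
#!/bin/sh
# Audit the Linux route_localnet sysctl. When it is 1 for an interface, the
# kernel no longer treats 127.0.0.0/8 as martian source/destination while
# routing, which is the precondition the question describes.
#
# The conf directory is a parameter (assumption for this example) so the
# check can also be run against a copied or constructed tree.

# Print one name per line for every entry whose route_localnet is 1.
# Entries include real interfaces plus the kernel's "all" and "default".
list_route_localnet() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$conf_root"/*/; do
        f="${dir}route_localnet"
        # Skip entries without the file (non-Linux trees, empty glob).
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" = "1" ]; then
            basename "$dir"
        fi
    done
}

# Return 0 when no entry has route_localnet enabled, 1 otherwise,
# so the function can gate a cron job or a configuration-compliance run.
audit_route_localnet() {
    exposed=$(list_route_localnet "$1")
    if [ -n "$exposed" ]; then
        # Unquoted on purpose: joins the names onto one line.
        echo "route_localnet ENABLED on:" $exposed
        return 1
    fi
    echo "route_localnet disabled everywhere (loopback stays martian)"
    return 0
}
```

Run `audit_route_localnet` with no argument to check the live system; a non-zero status means services bound to 127.0.0.1 are relying on firewall rules alone on the listed interfaces.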