Coffeehouse Post

Single Post Permalink

View Thread: Software using localhost as a proxy - security concerns?
  • User profile image

    You can't trust who or what you're connecting to - a while back they had a problem with malware on connected computers pretending to be the DHCP server and infecting unpatched machines.

    If you're on a university campus you'll have a big external firewall because the university will be sitting behind a big NAT, so you're probably good.

    If you're in the csci department at your university, you might want to check (via Wireshark) that all of the machines are link-local isolated. Unfortunately there are design bugs in the TCP/IP stack that mean that computers who are situated next to you can do nasty things to your machine (e.g. ARP poisoning and DHCP poisoning (which can lead to DNS poisoning as well as network boot), as well as sending your network card network-on/network-off packets if they're enabled).

    The canonical solution for this is to have all of the machines on the network living in their own subnet, preventing different machines on the network to DHCP or ARPing each other. If you do that, you only have to trust the routers aren't compromised, you don't have to care about the machines that are connected.