Jump to content

Block external Interface 127.0.0.1


Recommended Posts

Hi

I have a little problem, i will block from external interface loopback address 127.0.0.1.

Normaly will not routed, but i think i came some attack on this loopback address.

How can i block this address?

Simple:

you make a rules inbound src block 127.0.0.1, it works, but....

you can't use other programms any more. (example Firefox etc.)

How can resolve this problem?

Cheers

Hans

Link to comment
Share on other sites

  • Administrators

Disabling this default rule should prevent any internal communication on localhost. However, it cannot help you unless an attacker has already gained access and is attacking locally running services.

Link to comment
Share on other sites

Verify that an attacker has not set up a localhost proxy server on your device.

Open the hosts file in C:\Windows\System32\drivers\etc and see if entries have been added to the file. Also check the other files in the same directory and see if they have entries added.

Link to comment
Share on other sites

Local proxy is disabled, no proxy is active.

You mean the localhost file, localhost has changed, i have modified this file delete all ip Address.

I will check this.

Thank you

Link to comment
Share on other sites

restart the computer, same problem, exist,

I check my harddiskk with ESET SysRescue Live but nothing found.

Eset Antivirus (full scan) nothing found.

Mailebyte is nothing found.

i think the attack came from outside. i block temp. with src Inbound 127.0.0.0/8 Subnet, but if you restart you can't use other programms, because they use Loopback.

But why can i not use Loopback interface in Eset?

Block outside traffic on this interface?

Link to comment
Share on other sites

Eset uses a hidden proxy via localhost to monitor network traffic; see below screenshot.

Therefore, any firewall rules in regards to localhost monitoring need to be placed after the default firewall rule for ekrn.exe. My advice here is to leave Eset default monitoring of localhost traffic alone.

Eset_Localhost.thumb.png.c3222cb8065d47868922a53700d98cdf.png

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...