[NCAP-Discuss] Honeypots: A Cost-Benefit Analysis (thought content)

Jeff Schmidt jschmidt at jasadvisors.com
Thu Feb 17 23:18:19 UTC 2022


> Thanks for getting the ball rolling. I would add to notification that a number of
> software tools already take "127.0.53.53" into account, like Google Chrome
> (#1 browser in user share) which presents "ERR_ICANN_NAME_COLLISION"
> for such an address.

Thanks. Lots of valuable "equity" in 127.0.53.53 at this point. 

> On the other hand, on "host data", there are some TCP/IP stacks that will try
> to send traffic to 127.0.53.53. 2014-version macOS was one of those, so
> sometimes data leaves the host and eventually gets to a router that drops it.
> This doesn't change the fact that no host ever receives that data, and that a
> majority of Internet-connected hosts drop the traffic before leaving the host,
> but it's probably worth mentioning.

Yeah, when we experimented with all this in our lab in support of our work product/recommendations back in the day, I recall some older BSD-based variants (OSX being one) incorrectly defining localhost as 127/24 instead of 127/8. This has been largely remedied now, but it certainly is a possibility to encounter this in maybe older things and IoT devices...

That was our concern with v6 at the time, we couldn't find an IP that would reliably behave like 127/8 in v4 space. The stacks were all over the place.

Thx,
Jeff
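
A host-side check for the behaviour discussed in this thread, as an added example that is not part of the original message: it asks the local stack which source address it would use toward 127.0.53.53 and reports whether that traffic stays on loopback. The function names and the discard port 9 are assumptions, and a source address outside 127/8 is taken to mean the route lookup chose a non-loopback interface.

```python
import ipaddress
import socket

COLLISION_ADDR = "127.0.53.53"                     # address discussed in the thread
LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")  # the full IPv4 loopback block


def stays_on_host(source_ip: str) -> bool:
    """True if the source address the stack selected is itself in 127/8."""
    return ipaddress.ip_address(source_ip) in LOOPBACK_V4


def narrow_loopback_misses(addr: str, prefix: str = "127.0.0.0/24") -> bool:
    """True if addr is in 127/8 but falls outside a narrower loopback prefix,
    which is the 127/24 misdefinition recalled in the message."""
    ip = ipaddress.ip_address(addr)
    return ip in LOOPBACK_V4 and ip not in ipaddress.ip_network(prefix)


def probe_source_address(dest: str = COLLISION_ADDR, port: int = 9):
    """Return the source IP the stack would use toward dest, or None.

    connect() on a UDP socket only performs a route lookup and binds a
    local address; no packet is sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest, port))
        return s.getsockname()[0]
    except OSError:
        return None  # the stack has no route to dest at all
    finally:
        s.close()


def check_host() -> str:
    """Classify this host as 'loopback', 'leaves-host' or 'no-route'."""
    src = probe_source_address()
    if src is None:
        return "no-route"
    return "loopback" if stays_on_host(src) else "leaves-host"


if __name__ == "__main__":
    print(f"{COLLISION_ADDR}: {check_host()}")
```

A result of `leaves-host` on an older or embedded device is the case where egress filtering for 127/8 at the first-hop router matters.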


