Webscrab proxy creates loads of TCP6 connections despite IPV6 being down

broy32000 · January 29, 2020, 8:07pm

I am working in Kali Linux. I have disabled ipv6 by the command, "sysctl -w net.ipv6.conf.all.disable_ipv6=1". Below output of "ifconfig -a" shows no IPV6.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.119  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 08:00:27:ac:d6:52  txqueuelen 1000  (Ethernet)
        RX packets 3464  bytes 265390 (259.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 185  bytes 29219 (28.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.141.11  netmask 255.255.255.0  broadcast 192.168.141.255
        ether 08:00:27:42:25:3e  txqueuelen 1000  (Ethernet)
        RX packets 6695  bytes 427120 (417.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27  bytes 2250 (2.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

But when I enable "Webscrab" proxy, I see loads of TCP6 connection as below:

tcp6       0      0 127.0.0.1:48810         127.0.0.1:8008          ESTABLISHED
tcp6       0      0 127.0.0.1:8008          127.0.0.1:43334         ESTABLISHED

....

tcp6       0      0 127.0.0.1:44566         127.0.0.1:8008          ESTABLISHED
tcp6       0      0 127.0.0.1:46652         127.0.0.1:8008          ESTABLISHED
tcp6       0      0 127.0.0.1:54820         127.0.0.1:8008          CLOSE_WAIT

Any pointer toward the solution will be highly appreciated.

Neo · January 29, 2020, 9:38pm

I believe these 127.0.0.1 loopbacks are not "true network connections" and so IPV6 traffic will not pass since you blocked IPV6 networking.

The title of your post is:

These 127.0.0.1 internal loopbacks are not "true connections" per se.

Did you actually try to pass IPV6 traffic thought that host? If you did, I would be surprised if any IPV6 traffic would pass since you have already disabled IPV6 networking via "sysctl -w net.ipv6.conf.all.disable_ipv6=1 ".

You might want to check to make sure when you installed your proxy server that it did not unintentionally enable your intended block / disabled setup.

PS: You should use CODE tags when you post and insure your posts are well formatted and easy for everyone to read.

Neo · January 29, 2020, 10:18pm

Reference:

See also, for example:

127.0.0.1 IP Address Explained

FYI:

Neo · January 29, 2020, 10:42pm

Also,

If you do not want your proxy server to listen on the kernel loopback interface (127.0.0.1), you can easily fix this by configuring your proxy server to only listen on an IP address.

Just like mysql and other daemon processes, you can configure it to listen on 127.0.0.1 or not.

For example, many people configure mysql to only listen on 127.0.0.1 because they do not want any external connections to mysql; and 127.0.0.1 does not permit external connections.

If you don't want your proxy server to listen on 127.0.0.1, then you simply configure your proxy server to not listen on 127.0.0.1.

From the linux code base:

/* The loopback device is special if any other network devices
 * is present in a network namespace the loopback device must
 * be present. Since we now dynamically allocate and free the
 * loopback device ensure this invariant is maintained by
 * keeping the loopback device as the first device on the
 * list of network devices.  Ensuring the loopback devices
 * is the first device that appears and the last network device
 * that disappears.
*/