What's the point of being able to change your loopback/localhost 127.0.0.1 address to something else?

Question

I think IPv6 even has a short-hand for localhost as ::1. Are the security implications of using a different loopback address, or someone finding out your loopback address? I guess people are upset about the New York Times snooping their loopback address and I don't understand why NYT would do that, or why anyone would care.

Answer 1

I don't believe there is any security implications in changing the loopback address. As long as you stay in the standard reserved subnet (127.0.0.0/8). Any IP datagram with a source or destination address set to a loopback address must not appear outside of a computing system, or be routed by any routing device. Packets received on an interface with a loopback destination address must be dropped. Such packets are sometimes referred to as Martian packets. As far as security, the loopback has almost no effect on security unless routing tables/loopback interfaces are changed to a different ip address. Take a look at these two articles. https://security.stackexchange.com/questions/6395/can-the-loopback-interface-be-hijacked

https://serverfault.com/questions/300776/if-i-send-data-to-my-computer-using-its-public-hostname-does-it-actually-go-ove?newsletter=1&nlcode=9544%7Cbded

As far as the NY Times article, I read that the security engineer responsible for that code found that a massive number of machines were getting broken into to commit ad fraud. White Ops ran a study last year (http://whiteops.com/botfraud) and found 2/3 of fraud was coming from home users. The code is looking for various patterns in the bots themselves. Look at the comment of that article for more reference.