[13057] in bugtraq
Re: Various Errors in Slackware
daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Wed Dec 22 14:39:46 1999
Message-Id: <Pine.LNX.4.10.9912221003480.22692-100000@sernik.hq.ipartners.pl>
Date: Wed, 22 Dec 1999 10:13:00 +0100
Reply-To: Mariusz Woloszyn <emsi@IT.PL>
From: Mariusz Woloszyn <emsi@IT.PL>
X-To: Dagmar d'Surreal <dagmar@DSURREAL.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.20.9912211215410.27285-100000@bastion.dsurreal.org>
On Tue, 21 Dec 1999, Dagmar d'Surreal wrote:
> IPV4 PACKET FORWARDING -- Should not be on by default
The above is true for Slackware 4.0.
(...)
> RP_FILTER -- Probably incorrect assumption
> ------------------------------------------
> Just below the section that turns on IP forwarding is a section that
> theoretically turns on rp_filter, which is supposed to do source
> validation of incoming packets to prevent outside lusers from firing
> spoofed packets into your local network. This is supposed to go on by
> default once ip_forwarding is turned on, according to both the comments in
> the script and the kernel documentation. (Annoyingly enough, the
> interface for it in /proc still emits a 0 when ip_forwarding is turned on,
> which leads me to believe that something might be missing in the kernel,
> although I might be the only person that ever tries to read proc first to
> see what's on and what's off.) Better to be safe than sorry and change
> the logic to stuff a 1 in there if IPV4_FORWARD is true, and a zero in
> there if it's false.
>
It also applies to Slackware 4.0, but it isn't a kernel problem. The kernel
documentation says:
# rp_filter
# Integer value deciding if source validation should be made.
# 1 means yes, 0 means no. Disabled by default, but
# local/broadcast address spoofing is always on.
#
"Disabled by default"! I noticed Patrick Volkerding a long time before
Slackware 7 (as soon as I found it in 4.0).
Anyway you're not the only person that ever tries to read proc first :)
Regards,
--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsi@it.pl
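
Added example, not part of the original message or of Slackware's rc scripts: a POSIX shell check that reads `ip_forward` and every `conf/*/rp_filter` entry, flags entries still at 0 while forwarding is on, and applies the "1 if forwarding, 0 if not" logic suggested in the quoted text. The function names and the proc-root parameter are assumptions for illustration, and the sample tree is constructed.

```shell
# Added example (not from the original post). The root is a parameter so the
# logic can run on a constructed tree instead of the live /proc.

# Print "<entry> <value>" for every conf/*/rp_filter under $1 (default /proc).
list_rp_filter() {
    root=${1:-/proc}
    for f in "$root"/sys/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        entry=${f%/rp_filter}
        printf '%s %s\n' "${entry##*/}" "$(cat "$f")"
    done
}

# Print entries whose rp_filter reads 0 while ip_forward reads 1.
# Returns 1 if any entry is flagged, 0 otherwise.
audit_rp_filter() {
    root=${1:-/proc}
    [ "$(cat "$root/sys/net/ipv4/ip_forward")" = 1 ] || return 0
    flagged=$(list_rp_filter "$root" | awk '$2 == 0 { print $1 }')
    [ -n "$flagged" ] || return 0
    printf '%s\n' "$flagged"
    return 1
}

# Logic suggested in the quoted text: 1 if forwarding is on, 0 if it is off.
sync_rp_filter() {
    root=${1:-/proc}
    val=$(cat "$root/sys/net/ipv4/ip_forward")
    for f in "$root"/sys/net/ipv4/conf/*/rp_filter; do
        if [ -w "$f" ]; then echo "$val" > "$f"; fi
    done
}

# Constructed sample tree: forwarding on, rp_filter at the documented default 0.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 lo; do
        mkdir -p "$t/sys/net/ipv4/conf/$i"
        echo 0 > "$t/sys/net/ipv4/conf/$i/rp_filter"
    done
    echo 1 > "$t/sys/net/ipv4/ip_forward"
    echo "$t"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample" || echo "^ rp_filter=0 with forwarding on"
sync_rp_filter "$sample"
audit_rp_filter "$sample" && echo "after sync: nothing flagged"
rm -rf "$sample"
```

Called with no argument the functions read the live `/proc`; `sync_rp_filter` then needs root to write the entries.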