[13067] in bugtraq
Re: Various Errors in Slackware
daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Wed Dec 22 16:31:16 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Message-Id: <Pine.LNX.4.10.9912221017060.22692-100000@sernik.hq.ipartners.pl>
Date: Wed, 22 Dec 1999 10:26:53 +0100
Reply-To: Mariusz Woloszyn <emsi@IT.PL>
From: Mariusz Woloszyn <emsi@IT.PL>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9912221003480.22692-100000@sernik.hq.ipartners.pl>
Content-Transfer-Encoding: 8bit
On Wed, 22 Dec 1999, Mariusz Woloszyn wrote:
> "Disabled by default"! I noticed Patrick Volkerding long time before
> Slackware 7 (as soon as I found it in 4.0).
>
BTW: I got a replay (long time ago -- Fri, 16 Jul 1999) from Patrick
saying:
"You might want to report this to the kernel developers, since the comment
is taken directly from /usr/src/linux/Documentation/Configure.help, and is
still there in 2.2.10.
Best regards,
Pat"
And the documentation still says wrong:
" If you turn on IP forwarding, you will also get the rp_filter, which
automatically rejects incoming packets if the routing table entry
for their source address doesn't match the network interface they're
arriving on. This has security advantages because it prevents the
so-called IP spoofing, however it can pose problems if you use
asymmetric routing (packets from you to a host take a different path
than packets from that host to you) or if you operate a non-routing
host which has several IP addresses on different interfaces. To turn
rp_filter off use:
echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
"
Regards,
P.S. Cc to Axel Boldt (boldt@math.ucsb.edu) as he is mentioned as a
maintainer of Configure.help
--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsi@it.pl
