[14443] in bugtraq
Re: Security Problems with Linux 2.2.x IP Masquerading
daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Mar 29 12:51:59 2000
Message-Id: <200003290559.PAA18421@cairo.anu.edu.au>
Date: Wed, 29 Mar 2000 15:59:09 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: Nigel.Metheringham@VDATA.CO.UK
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <E12a1vv-00038E-00@rioja.localnet> from "Nigel Metheringham" at Mar 28, 2000 08:45:47 PM
In some mail from Nigel Metheringham, sie said:
>
> hdm@SECUREAUSTIN.COM said:
> > The UDP masquerading code only checks the DESTINATION PORT to
> > determine if a packet coming from the external network is to be
> > forwarded inside.
>
> this is due to a number of hosts/services returning UDP from an IP
> other than that which the original UDP packet went to - for example it
> is frequently the case that NFS servers just use the interface ip
> address "closest" to that which the NFS op came from.
Common sense would suggest that the client should be using that address
too...
> I'll give this some thought to work out a way of narrowing this hole (I
> don't think it can be completely closed without causing other problems).
Here's some advice from the implementation of IP Filter:
I've had it closed since day 0 and had 0 reports of problems because of it.
Cheers,
Darren
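
Added example, not part of the message above and not code from Linux or IP Filter: the destination-port-only lookup quoted in the thread, next to a lookup that also checks the packet's source against the remote endpoint recorded for the flow. The struct layout, function names, ports and addresses are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical masquerade table entry for one outbound UDP flow. */
struct masq_entry {
    uint16_t masq_port;    /* port allocated on the gateway's external side */
    uint32_t remote_addr;  /* server the inside client originally sent to */
    uint16_t remote_port;
    uint32_t inside_addr;  /* inside client to forward replies to */
    uint16_t inside_port;
};

/* Inbound UDP packet as seen on the external interface. */
struct udp_in { uint32_t src_addr; uint16_t src_port; uint16_t dst_port; };

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Constructed state: 10.0.0.5:1023 -> 192.0.2.10:2049 via masq port 61000. */
static const struct masq_entry table[] = {
    { 61000, IP(192,0,2,10), 2049, IP(10,0,0,5), 1023 },
};
#define TABLE_LEN (sizeof table / sizeof table[0])

/* Loose lookup: destination port only, the behaviour quoted in the thread. */
const struct masq_entry *lookup_loose(const struct udp_in *p) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        if (table[i].masq_port == p->dst_port)
            return &table[i];
    return NULL;
}

/* Strict lookup: the source must also be the flow's recorded remote endpoint. */
const struct masq_entry *lookup_strict(const struct udp_in *p) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        if (table[i].masq_port == p->dst_port &&
            table[i].remote_addr == p->src_addr && table[i].remote_port == p->src_port)
            return &table[i];
    return NULL;
}

/* Constructed packets: the real server, its second interface, an unrelated host. */
const struct udp_in pkt_server   = { IP(192,0,2,10),   2049, 61000 };
const struct udp_in pkt_alt_if   = { IP(192,0,2,11),   2049, 61000 };
const struct udp_in pkt_stranger = { IP(203,0,113,7), 40000, 61000 };

int main(void) {
    /* Exit 0 when strict takes only the real server and loose takes the stranger. */
    return !(lookup_strict(&pkt_server) && !lookup_strict(&pkt_stranger) && lookup_loose(&pkt_stranger));
}
```

The strict lookup also drops the reply from the server's second interface (pkt_alt_if), which is the NFS case Nigel raises as the reason for the loose match.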