[19498] in bugtraq
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
daemon@ATHENA.MIT.EDU (Neil W Rickert)
Tue Mar 6 01:09:19 2001
Message-ID: <15874.983844424@euclid.cs.niu.edu>
Date: Mon, 5 Mar 2001 20:07:04 -0600
Reply-To: Neil W Rickert <rickert+bt@CS.NIU.EDU>
From: Neil W Rickert <rickert+bt@CS.NIU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Woody <woody@THEBUNKER.NET> of "Mon, 05 Mar 2001 19:44:43 GMT." <3AA3ECAB.EA826D28@thebunker.net>
Woody <woody@THEBUNKER.NET> wrote:
>We believe there to be a serious security flaw in the TCP/IP stack of
>several Unix-like operating systems. Whilst being "known" behavior on
>technical mailing lists, we feel that the implications of this
>"feature" are unexpected. Furthermore, not all platforms behave in the
>same way, which will obviously lead to invalid expectations.
[detailed description snipped]
I am surprised to see this described as a flaw. It is behavior I
have been relying on for some time. Specifically, on my client
machines, I add a route to the alternate interface of my servers via
the direct interface of the same server. This allows direct
connection to the server without relying on a router, regardless of
which IP address is used for the service. For NFS clients, I
consider it important to be able to do this.
If there is a flaw, it is surely in the thinking of people who
mistakenly assumed that multi-homed systems would not behave so as to
allow this.
The original message states
>At the moment, any machine which has either:
>o services running on the loopback interface
>o two or more external interfaces
>must be configured, using a firewall, to drop IP packets arriving from
>the wrong network in order to be secure. This is commonly not the
>case.
This is surely an overstatement. I expect that there are many
multi-homed servers which offer the same network services on each
interface. There do not appear to be any security issues in such
cases.
-NWR
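An added example, not part of Rickert's message or the original advisory, modelling the two things the thread turns on: the client-side host route Rickert describes (reach a server's alternate address via its direct address) and the host's local-delivery decision under the weak host model versus the strong host model that a "drop packets from the wrong interface" firewall rule enforces. The topology, addresses and interface names are constructed for illustration; the function names are the example's own.

```python
"""Model of a client host route and of weak vs strong host local delivery.
Added example; addresses and interface names are constructed, not from the post."""
import ipaddress

# Constructed multi-homed server: two external interfaces plus loopback.
SERVER_ADDRS = {"eth0": "192.0.2.10", "eth1": "198.51.100.10", "lo": "127.0.0.1"}

# Constructed client on the 192.0.2.0/24 segment: connected route + default route.
CLIENT_ROUTES = [
    ("192.0.2.0/24", None, "eth0"),       # directly connected, no gateway
    ("0.0.0.0/0", "192.0.2.1", "eth0"),   # everything else via the router
]

# The route Rickert adds on the client: the server's eth1 address is reached
# via the server's eth0 address, e.g. `route add -host 198.51.100.10 gw 192.0.2.10`.
HOST_ROUTE = ("198.51.100.10/32", "192.0.2.10", "eth0")


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway, iface) tuples.
    Returns (next_hop_ip, iface); for a connected route the next hop is dst itself."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise ValueError(f"no route to {dst}")
    _, gw, iface = best
    return (gw if gw is not None else dst, iface)


def accept_locally(host_addrs, iface_in, dst, strong_host=False):
    """Local-delivery decision for a packet with destination dst arriving on iface_in.
    Weak host model (RFC 1122 section 3.3.4.2): any address of the host qualifies,
    whichever interface the packet came in on.  This is what lets the host route
    above work, and what the advisory objects to for loopback-bound services.
    Strong host model: only the address assigned to the arriving interface
    qualifies, which is what a 'drop packets arriving from the wrong network'
    firewall rule reproduces."""
    if strong_host:
        return host_addrs.get(iface_in) == dst
    return dst in host_addrs.values()


def demo():
    """Walk through both sides of the disagreement; returns the results as a dict."""
    alt = SERVER_ADDRS["eth1"]
    results = {
        # Without the host route the client sends via the router.
        "via_router": next_hop(CLIENT_ROUTES, alt),
        # With it, the frame goes straight to the server's eth0.
        "via_host_route": next_hop(CLIENT_ROUTES + [HOST_ROUTE], alt),
        # Server side: the packet for the eth1 address arrives on eth0.
        "weak_accepts_alt_on_eth0": accept_locally(SERVER_ADDRS, "eth0", alt),
        "strong_accepts_alt_on_eth0": accept_locally(SERVER_ADDRS, "eth0", alt, strong_host=True),
        # The advisory's loopback case: a packet for 127.0.0.1 arriving on eth0.
        "weak_accepts_lo_on_eth0": accept_locally(SERVER_ADDRS, "eth0", "127.0.0.1"),
        "strong_accepts_lo_on_eth0": accept_locally(SERVER_ADDRS, "eth0", "127.0.0.1", strong_host=True),
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both positions in the thread fall out of the same model: the weak host model is what makes Rickert's host route reach the server without a router, and it is also what lets a packet addressed to another interface (or, in the model, to loopback) be accepted on the "wrong" one unless the stack or a packet filter applies the strong-host check. Real stacks add their own exceptions to the pure model; Linux, for instance, treats 127.0.0.0/8 arriving on a non-loopback interface as a martian destination and drops it by default.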