[19509] in bugtraq
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
daemon@ATHENA.MIT.EDU (Kyle Sparger)
Tue Mar 6 15:53:31 2001
Message-ID: <Pine.LNX.4.10.10103060832550.27400-100000@kyle>
Date: Tue, 6 Mar 2001 08:58:55 -0500
Reply-To: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
From: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010305195042.A12028@madduck.net>
Mad Duck wrote:
> 2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
> don't even have a localhost routing entry anymore.

Actually I can confirm that Linux 2.4 does suffer from it, at least in the
hardwired MAC address case I mentioned. Just took the time to test it.

Andrew Bartlett wrote:
> I'm trying to assess how this affects me. Is Linux 2.2 vulnerable when
> rp_filter is enabled (sys.net.ipv4.all.rp_filter)? If so then the above
> statement is correct, as rp_filter is enabled by default on RedHat
> installs.

I'm reading the documentation on rp_filter (Documentation/Configure.help).
In sum, it appears to implement the command 'ip verify unicast
reverse-path' that you would find on Cisco routers :) Or am I
misunderstanding?

Assuming I'm reading it correctly, then this will not protect you. The
feature only matches against the source, which is not the issue here.

RoMaN SoFt / LLFB !! wrote:
> I've not tested it but perhaps this is a valid workaround for Linux.

I don't think so. Just follow the maintainer's advice, and filter your
interfaces:

# ifconfig eth0 10.0.5.10
# ipchains -A input -i eth0 -d 10.0.5.10 -j ACCEPT
# ipchains -A input -i eth0 -j DENY

Or something like that, anyway. Easy enough, right? :)

Thanks,
Kyle Sparger - Senior System Administrator
ksparger@dialtoneinternet.net - http://www.dialtoneinternet.net
Voice - (954) 581-0097 x 122
"Forget college, I'm going pro."