[19535] in bugtraq


Broadcast and multi-homed routing condition in TCP/IP stack.

daemon@ATHENA.MIT.EDU (Kenny Jansson)
Wed Mar 7 12:21:28 2001

Message-ID: <20010307162641.D27909@sentor.se>
Date: Wed, 7 Mar 2001 16:26:41 +0100
Reply-To: Kenny Jansson <kenson@SENTOR.SE>
From: Kenny Jansson <kenson@SENTOR.SE>
To: BUGTRAQ@SECURITYFOCUS.COM

In light of the current discussion about the "Loopback and multi-homed
routing flaw in TCP/IP stack." it's worth mentioning another "condition"
that exists in some TCP/IP stacks.

Some stacks will allow a TCP connection to be established to the broadcast
address configured on any given interface.

FreeBSD has had this behaviour for some time (4.x),
up until 2001/03/03 17:39:20 PST, when a fix was committed to RELENG_4.

OpenBSD also exhibits this behaviour. (Tested on 2.7)

Linux and Solaris don't.

The reason this condition is worth mentioning is for the cases when
you expect a number of external addresses to be exposed and you apply
explicit filtering on those addresses, and wrongly assume that no
other endpoints exist to establish connections to.

Obvious fix of course if running FreeBSD is to update your kernel to
incorporate the committed fix. Obvious workaround is to always practice safe
networking, deny everything, then explicitly allow what should be allowed.


/Kenny
--
Kenny Jansson                        kenson@sentor.se
Sentor AB, Västra Strandg. 7B, 753 11 Uppsala, Sweden
phn: +46 (0) 18 65 30 00  | gsm: +46 (0) 70 757 30 01
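
An added audit sketch for the filtering gap described in the message above (not part of the original post): it derives the directed-broadcast address of every configured IPv4 interface and reports those that a per-address rule set still lets through. The interface list, the rule list, and the simplified first-match-wins rule model are assumptions made for this example; all addresses are constructed from documentation ranges.

```python
import ipaddress

def broadcast_endpoints(interfaces):
    """Map each IPv4 directed-broadcast address to the interface that owns it."""
    found = {}
    for name, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        # IPv6 has no broadcast; /31 (RFC 3021) and /32 have no broadcast address.
        if iface.version != 4 or iface.network.prefixlen >= 31:
            continue
        found[iface.network.broadcast_address] = name
    return found

def unfiltered_broadcasts(interfaces, rules, default="pass"):
    """Return (interface, broadcast) pairs that the rule set lets through.

    rules: ordered (action, destination-network) pairs. First match wins,
    which is a simplified model assumed here, not any specific firewall.
    """
    exposed = []
    for addr, name in sorted(broadcast_endpoints(interfaces).items()):
        verdict = default
        for action, dst in rules:
            if addr in ipaddress.ip_network(dst):
                verdict = action
                break
        if verdict == "pass":
            exposed.append((name, str(addr)))
    return exposed

# Constructed sample data (documentation address ranges).
INTERFACES = [("ext0", "192.0.2.10/28"), ("ext0", "192.0.2.11/28"),
              ("dmz0", "198.51.100.1/24"), ("p2p0", "203.0.113.4/31"),
              ("ext0", "2001:db8::10/64")]
# Filtering written only for the addresses the admin expects to be exposed.
PER_ADDRESS_RULES = [("block", "192.0.2.10/32"), ("block", "192.0.2.11/32"),
                     ("block", "198.51.100.1/32")]

if __name__ == "__main__":
    # Per-address blocks with a permissive default miss the broadcast endpoints.
    print("default pass: ", unfiltered_broadcasts(INTERFACES, PER_ADDRESS_RULES, "pass"))
    # Deny-by-default covers them without having to enumerate them.
    print("default block:", unfiltered_broadcasts(INTERFACES, PER_ADDRESS_RULES, "block"))
```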
