Bugtraq mailing list archives
[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt
From: hamors () LITTERBOX ORG (Sean B. Hamor)
Date: Fri, 11 Apr 1997 23:54:14 -0400
Friday, April 11, 1997
The Litterbox
Sean B. Hamor <hamors () litterbox org>

LINUX IP MASQUERADE

Synopsis:

A problem exists in IP Masquerade under Linux which allows traffic to be passed to external networks even after the gateway host has been halted. As long as a connection has been established from an internal machine via the IP Masquerade gateway to an external host and the Ethernet interfaces inside the machine are still being supplied power, that connection will stay online in a fully interactive state.

Even worse, that connection will stay online even if the IP Masquerade gateway machine is rebooted. During a soft reboot, the connection will stay online in a fully interactive state. During a cold reboot, the connection will lose interactivity until the IP Masquerade gateway machine comes back online. After that, the connection will regain interactivity.

Impact:

During an incoming or outgoing attack, systems administrators may use the "kill switch" tactic to stop the attack and shut down the gateway machine involved in the attack. This creates a false sense of security with that systems administrator thinking that the attack has been successfully stopped. In reality, the connection in question is totally unaffected by the system shutdown.

EOF

 /\_/\   http://www.litterbox.org/~hamors/pgp.txt     To err is human.
( o.o )  for PGP public key block                      To purr feline.
 > ^ <   Sean B. Hamor <hamors () litterbox org>         - Robert Byrne
The Litterbox: http://www.litterbox.org/    Homeless and Abused Pet Rescue