Bugtraq mailing list archives
Re: Linux +ipchains+ ping -R
From: scott () ACRID SCHEMATIX NET (Scott)
Date: Sat, 24 Jul 1999 01:26:28 +0000
About 2 weeks ago someone made me aware of a similar bug in FreeBSD with natd/ipfw. I tested it on my own computer (FreeBSD 3.2-STABLE) and the result was an immediate result reboot without any logging. This firewall rule fixes the problem on my FreeBSD box. Adjust it accordingly for the logging options, etc. Make sure its the 1st rule listed. deny log ip from any to any ipopt rr -Scott On Thu, 22 Jul 1999, Andrej Todosic wrote:
Hello , i am not quite sure if this has been discussed or if htere is a fix already but i d still like to mention it. linux firewall setup 2.2.5 or 2.2.10 and ipchains + Nat + advanced router if you are less than nine hops away from it ping -R and ( assuming the fw lets the packets go through ) you get a kernel panic . You cant go wrong . i tried it on more than one firewall and more than one kernel. PS if you are testing it do make sure you are not going through the fw for a connection ( which how i screwed myself up and left the ping -R in the background ) Andrej
Current thread:
- Shared memory DoS's Mike Perry (Jul 14)
- Re: Shared memory DoS's Dustin Marquess (Jul 15)
- Re: Shared memory DoS's (Redhat retraction) Mike Perry (Jul 15)
- Re: Shared memory DoS's (Redhat retraction) Jim Dennis (Jul 19)
- Linux +ipchains+ ping -R Andrej Todosic (Jul 22)
- Re: Linux +ipchains+ ping -R Scott (Jul 23)
- Update to Microsoft Security Bulletin (MS99-025) aleph1 () UNDERGROUND ORG (Jul 23)
- Re: Shared memory DoS's (Redhat retraction) Wietse Venema (Jul 22)
- Alert: RDS IIS vulnerability/fix .rain.forest.puppy. (Jul 23)
- Re: Shared memory DoS's Dick St.Peters (Jul 15)
- Re: Shared memory DoS's Nicolas V. Chernyy (Jul 15)
- Re: Shared memory DoS's Mike Perry (Jul 17)
- Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 David Luyer (Jul 16)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Ollivier Robert (Jul 19)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Matt Dunn (Jul 22)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Daniele Orlandi (Jul 24)
(Thread continues...)