Bugtraq mailing list archives
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
From: Ben Laurie <ben () ALGROUP CO UK>
Date: Tue, 6 Mar 2001 09:05:32 +0000
Perry Harrington wrote:
> I don't think the behavior should change because of DSR. DSR is more useful than 'rightness' in my opinion. A switch to turn it off if you don't want it is something I'd advocate, but the default should be 'on'.

The FreeBSD guys are making the behaviour switchable with a sysctl, I believe. However, the default position should clearly be strong, not weak - people who want weak are rare and really ought to know what they're doing. POLA dictates that "internal" routing should not occur when routing is disabled. Further, there's no circumstance I can think of where it makes sense to route 127/8 from an external interface! That behaviour should not be switchable.

Cheers,

Ben.

> --Perry
>
> On Mon, Mar 05, 2001 at 06:18:33PM -0800, ddowney () mail hislinuxbox net wrote:
>> On Mon, 5 Mar 2001, Perry Harrington wrote:
>>> In short, yes security through obscurity is dumb, but calling for people to change this functionality is unwarranted when machines can be firewalled.
>>
>> Actually to me this sounds more like an excuse NOT to fix the problem simply because it's "industry standard". Sometimes standards need to be looked at and revamped. In this case it's one that would affect the industry as a whole. Are you calling for advisories only simply because the workload would be tremendous or because you truly believe that fixing this would affect nothing?
>>
>> ---
>> David D.W. Downey - RHCE
>> Consulting Engineer
>> Ensim Corporation
>> david.downey () ensim com
>
> --
> Perry Harrington         Director of            zelur xuniL  ()
> perry at webcom dot com  System Architecture    Think Blue.  /\
--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/
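The input decision this message argues for, as an added example that is not part of the original post or of any real TCP/IP stack: a small Python model of a non-forwarding multi-homed host under the weak and strong end-system models, with the 127/8 check applied in both. The interface names, addresses and the `accept` function are constructed for illustration.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample host (assumption): one loopback and two external NICs.
INTERFACES = {
    "lo0": ["127.0.0.1"],
    "eth0": ["192.0.2.10"],
    "eth1": ["10.0.0.1"],
}


def is_loopback_interface(name, interfaces=INTERFACES):
    """An interface counts as loopback if all of its addresses are in 127/8."""
    return all(ipaddress.ip_address(a) in LOOPBACK_NET for a in interfaces[name])


def accept(ingress, dst, model="strong", interfaces=INTERFACES):
    """Decide whether a host with forwarding disabled accepts a packet
    addressed to dst that arrived on interface ingress.
    Returns (accepted, reason)."""
    dst_ip = ipaddress.ip_address(dst)

    # Applied under both models: 127/8 is only valid on the loopback interface.
    if dst_ip in LOOPBACK_NET:
        if is_loopback_interface(ingress, interfaces):
            return True, "loopback traffic on loopback interface"
        return False, "127/8 destination on external interface"

    # Find which local interface, if any, owns the destination address.
    owner = None
    for name, addrs in interfaces.items():
        if any(ipaddress.ip_address(a) == dst_ip for a in addrs):
            owner = name
            break

    if owner is None:
        return False, "not a local address and forwarding is disabled"
    if owner == ingress:
        return True, "destination belongs to ingress interface"
    if model == "weak":
        # Weak model: any local address is accepted on any interface.
        return True, "weak model: address belongs to " + owner
    # Strong model: the address must be configured on the ingress interface.
    return False, "strong model: address belongs to " + owner


if __name__ == "__main__":
    for args in [("eth0", "10.0.0.1", "weak"), ("eth0", "10.0.0.1", "strong"),
                 ("eth0", "127.0.0.1", "weak"), ("lo0", "127.0.0.1", "strong")]:
        print(args, accept(*args))
```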