Bugtraq mailing list archives
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
From: Woody <woody () THEBUNKER NET>
Date: Wed, 7 Mar 2001 00:45:22 +0000
Darren Reed wrote:
In some mail from Woody, sie said:

Subject: Loopback and multi-homed routing flaw in TCP/IP stack.
Author: Woody <woody () thebunker net>

We believe there to be a serious security flaw in the TCP/IP stack of several Unix-like operating systems. Whilst being "known" behavior on technical mailing lists, we feel that the implications of this "feature" are unexpected. Furthermore, not all platforms behave in the same way, which will obviously lead to invalid expectations.

PLEASE NOTE: We have received a lot of replies to this advisory from developers who have missed the point. Before you reply, please read the advisory at least twice, to ensure you understand its implications, and scope.
[snip]
The other part of your advisory is the argument that IP addresses on an interface should not be reachable, by default, through others because people bind things to particular interfaces for security reasons and that people would be surprised to find out it's not like that. Well, any admin who's set up something like that and gone on to not test his configuration is being careless. The expectation of implied filtering of packets is an illusion created by that person for themselves. I've not read anywhere that the behaviour is documented to be such. Your claim that this is wrong is just your opinion and typically security advisories are based on factual security flaws, not opinions. The security problem here is in people not testing "security" they think they have put in place.
Yes, `people not testing "security" they think they have put in place' is a valid point, to an extent. However, when people test their systems, they test the things that they deem to be within the realms of possibility. A machine which has routing turned off, is not _expected_ to route, so it is not tested for. This is the point of this advisory, which is commonly missed.

Woody