Re: Loopback and multi-homed routing flaw in TCP/IP stack.

[3APA3A <3APA3A () SECURITY NNOV RU>]

Hello Martin,

Wednesday, March 07, 2001, 1:05:17 AM, you wrote:

MM> there is no argument for making 'Weak ES Model' default. Including

Catch one: changing security model will give additional undesired work
for  administrators.  Situation  where  multihomed  host  has services
binded   to  all  interfaces  is  more  common  then  situation  where
multihomed  host  has  a services binded to single interface. I do not
feel  myself  guru in this question. But I see no enough security risk
in this problem to change default behavior, essentially for multihomed
hosts.  Nevertheless  it  could  be nice to have configuration option,
something like "disable internal routing".

MM> the        fact        that        almost        no        current
MM> Security-HOWTO's/Firewall-HOWTO's/Networking-HOWTO's don't discuss
MM> that topic ...


It's  a  good  point  to  update HOWTO's. They MUST discuss this topic
regardless  of  results  of  this flame. Linux HOWTO's must be updated
long  time  ago,  because  they  are  incomplete and miss a lot of key
moments. Example:

 Firewall-HOWTO   from   www.linux.org   Updated:  February  2000.  IP
 filtering setup (IPFWADM and IPCHAINS) section. Demo rules make false
 sense  of  security, because external hacker can access whole network
 by  UDP using source port 53 (destination port never checked) and all
 unprivileged  TCP  ports  using  source  port  80 (connection doesn't
 checked   to   be   established).   Nearly   same  problem  in  Linux
 IPCHAINS-HOWTO.

Sorry,  if  I  chose  wrong  source for getting HOWTO's - I'm not from
Linux world.


MM> Have a nice day




--
~/3APA3A
Íĺďđč˙ňíîńňč íŕ÷íóňń˙ â âîńĺěü.  (Ňâĺí)