Full Disclosure mailing list archives
Linux problem, steal of IP and traffinc redirection could bypass a firewall
From: NetExpress <NetExpress () tiscali it>
Date: Sat, 06 Nov 2004 21:35:54 +0100
Hi, I am wondering why linux do not recognize if someone steal it's IP, this could be a serious security problem. infact linux, Instead of Windows and freebsd and other operative system, when boot or give up a virtual IP on an interface do not send gratious arp but only ask for the gateway arp and than answer to the query for it's IP. Because of this, If I have a gateway, with IP IPA, and set a desktop/server on the lan with the same ip IPA, when it start it will be the new gateway for the all network. but try: - Suppose the gateway is in high availability, it will have phisical IP and a logical IP the logical one is known from the host of lan as default gateway. - Suppose to set a server/desktop with a virtual IP eth0:1 with the logical IP of the real gateway, send a broadcast arp, set ip_forward=1, and route all the traffic to the phisical IP of the original gateway. - Now there is a new gateway for all host on the net, and the real gateway will trust (with the trust I have on my server) the traffic that I forwardto his because it come form a trusted real IP ,
With this I have create a by-pass of the firewall!!! this is not good!, I could se all traffic, make a man in the middle, see the database data userid e password and so on. But the worst is that if it happen on a DMZ I could create a big DOS, without someone thinks the gateway IP has been steal form someother! If linux would send a gratious arp when it give up an IP real or virtaul this problem will not be possible, because it could not bind a IP that is already present on the net. Alessandro Fiorenzi aka NetExpress fiorenzi () tiscali it http://web.tiscali.it/Fiorenzi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Linux problem, steal of IP and traffinc redirection could bypass a firewall NetExpress (Nov 06)
- Re: Linux problem, steal of IP and traffinc redirection could bypass a firewall Cedric Blancher (Nov 07)