Re: Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")
From: Dax Kelson (dax@gurulabs.com)Date: 05/11/02
- Previous message: Jeff Franklin: "Re: wu-imap buffer overflow condition"
- In reply to: Felix von Leitner: "Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")"
- Next in thread: Matthew G. Marsh: "Re: Linux kernel 2.4 "weak end host" issue Explained"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 11 May 2002 02:31:47 -0600 (MDT) From: Dax Kelson <dax@gurulabs.com> To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
On Thu, 9 May 2002, Felix von Leitner wrote:
> A service bound to the IP of eth1 is still visible from eth0.
> This is not an RFC violation (RFC1122 calls this "weak end host"), but
Linux isn't unique in this regard as Solaris has the same behavior. You
are correct in that although likely surprising, it isn't a RFC violation.
On Solaris you can turn this behavior off with:
# ndd -set /dev/ip ip_strict_dst_multihoming 1
On Linux, you could use this IP Tables command (eth0 external, and eth1
internal):
# iptables -A INPUT -i eth0 -d IP_of_eth1 -j DROP
Lastly, I would comment that most likely the internal interface would be
using RFC1918 reserved address space, so an attacker 'out on the net'
somewhere wouldn't be able to route packets to the potential vicitim's
internal IP address.
Dax Kelson
Guru Labs
- Previous message: Jeff Franklin: "Re: wu-imap buffer overflow condition"
- In reply to: Felix von Leitner: "Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")"
- Next in thread: Matthew G. Marsh: "Re: Linux kernel 2.4 "weak end host" issue Explained"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
