Bugtraq mailing list archives
Re: Watcher page moved (and ObBug)
From: smb () research att com (smb () research att com)
Date: Sat, 01 Apr 95 08:05:21 EST
Interesting questions are:

1) should TCP check the sequence number to avoid RST bombs?

Not only should but must, and I think does; see RFC 793.

2) Should it check the sequence number to block ICMP redirect bombs?

Absolutely.

3) Should it check the MAC source address of ICMP redirects against the ARP table entry of the sender?

Don't bother; the attacker is probably coming through your legitimate router.

4) Should routers discard received redirects that aren't addressed to the router?

Routers should always ignore Redirects. RFC 1009 permits them to listen, but this is a bad idea -- routers run routing protocols, and hence don't need such primitive methods to learn the proper path. RFC 1716, which is a step towards a likely replacement for 1009, says this:

    A router using a routing protocol (other than static routes) MUST NOT consider paths learned from ICMP Redirects when forwarding a packet. If a router is not using a routing protocol, a router MAY have a configuration which, if set, allows the router to consider routes learned via ICMP Redirects when forwarding packets.

    DISCUSSION: ICMP Redirect is a mechanism for routers to convey routing information to hosts. Routers use other mechanisms to learn routing information, and therefore have no reason to obey redirects. Believing a redirect which contradicted the router's other information would likely create routing loops. On the other hand, when a router is not acting as a router, it MUST comply with the behavior required of a host.
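The two sequence-number checks discussed in the message above (RST acceptance per RFC 793, and validating the datagram quoted inside an ICMP redirect), as an added example that is not part of the original post or of any particular TCP stack. The `tcb` struct, the function names, the sample addresses and the in-flight rule SND.UNA <= seq < SND.NXT used for the ICMP quote are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state; field names follow RFC 793. */
struct tcb {
    uint32_t laddr, raddr;      /* local and remote IPv4 address */
    uint16_t lport, rport;      /* local and remote TCP port */
    uint32_t snd_una, snd_nxt, rcv_nxt, rcv_wnd;  /* RFC 793 send/receive variables */
};

/* lo <= x < hi in modulo-2^32 sequence space; empty when lo == hi. */
static bool seq_in(uint32_t x, uint32_t lo, uint32_t hi) { return (uint32_t)(x - lo) < (uint32_t)(hi - lo); }
static uint32_t be16(const uint8_t *p) { return (uint32_t)p[0] << 8 | p[1]; }
static uint32_t be32(const uint8_t *p) { return be16(p) << 16 | be16(p + 2); }

/* RST on a synchronized connection: SEG.SEQ must lie in the receive window. */
bool rst_acceptable(const struct tcb *c, uint32_t seq)
{
    return c->rcv_wnd ? seq_in(seq, c->rcv_nxt, c->rcv_nxt + c->rcv_wnd) : seq == c->rcv_nxt;
}

/* q = datagram quoted inside the ICMP message (IPv4 header + 8 TCP bytes). */
bool icmp_quote_acceptable(const struct tcb *c, const uint8_t *q, size_t len)
{
    if (len < 20 || q[0] >> 4 != 4) return false;
    size_t ihl = (size_t)(q[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || q[9] != 6) return false;   /* 6 = TCP */
    if (be32(q + 12) != c->laddr || be32(q + 16) != c->raddr) return false;
    const uint8_t *t = q + ihl;
    if (be16(t) != c->lport || be16(t + 2) != c->rport) return false;
    return seq_in(be32(t + 4), c->snd_una, c->snd_nxt);  /* data in flight? */
}

/* Constructed sample: 192.0.2.10:40000 -> 198.51.100.7:80, quoted seq 2000. */
const struct tcb conn = { 0xC000020A, 0xC6336407, 40000, 80, 1000, 3000, 7000, 4096 };
const uint8_t quote[28] = { 0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 198,51,100,7,
                            0x9c,0x40, 0,80, 0,0,0x07,0xd0 };

int main(void)
{
    uint8_t other[28];
    memcpy(other, quote, sizeof other);
    other[26] = 0x13;           /* seq 5072: never sent on this connection */
    printf("quote seq 2000: %d, seq 5072: %d; RST seq 7000: %d, seq 1: %d\n", icmp_quote_acceptable(&conn, quote, 28),
           icmp_quote_acceptable(&conn, other, 28), rst_acceptable(&conn, 7000), rst_acceptable(&conn, 1));
}
```

A redirect that passes this check still comes from an unauthenticated sender; the check only shows that the sender saw (or guessed) a segment currently in flight on that connection.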