Bugtraq mailing list archives
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
From: Ben Laurie <ben () ALGROUP CO UK>
Date: Tue, 6 Mar 2001 09:09:44 +0000
Neil W Rickert wrote:
> Woody <woody () THEBUNKER NET> wrote:
> > We believe there to be a serious security flaw in the TCP/IP stack of several Unix-like operating systems. Whilst being "known" behavior on technical mailing lists, we feel that the implications of this "feature" are unexpected. Furthermore, not all platforms behave in the same way, which will obviously lead to invalid expectations.
>
> [detailed description snipped]
>
> I am surprised to see this described as a flaw. It is behavior I have been relying on for some time. Specifically, on my client machines, I add a route to the alternate interface of my servers via the direct interface of the same server. This allows direct connection to the server without relying on a router, regardless of which IP address is used for the service. For NFS clients, I consider it important to be able to do this.
>
> If there is a flaw, it is surely in the thinking of people who mistakenly assumed that multi-homed systems would not behave so as to allow this.

It is only a flaw when routing is disabled, as we stated.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/