Bugtraq mailing list archives

Re: Loopback and multi-homed routing flaw in TCP/IP stack.


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 6 Mar 2001 13:34:18 +0300

Hello Woody,

Monday, March 05, 2001, 10:44:43 PM, you wrote:

W> There is a flaw in the TCP/IP stack, such that packets intended for
W> loopback and/or local network interfaces, routed via any other
W> interface, will be delivered EVEN IF THE MACHINE IS CONFIGURED NOT
W> TO BE A GATEWAY (note that in the case of packets destined for the
W> loopback interface, we consider this to be a fault no matter how
W> the host is configured - see RFC 1122 comments below). This means
W> that connections can be made to services that were intended to be
W> invisible by virtue of the fact that they were only listening on
W> the "inside" of a system. This may lead to further compromise of
W> the host and/or connected networks, either via (e.g.) buffer
W> overflows or enhanced privileges via access to SOCKS or other
W> internal proxies.

Windows NT behaves the same way: it will accept a connection to an
internal address through the external interface even if routing is not
enabled (I'm not sure about loopback). When configuring Cisco routers
it's quite common practice to give a real address to the loopback
interface and link this address to a few external interfaces.

This behavior doesn't violate RFC 1122, and I believe this behavior is
correct (imagine a host with, e.g., a few PPTP and L2TP interfaces,
some of which may be dynamically addressed. To allow access to this
host from outside you may want some static internal address, maybe
linked to loopback rather than to a virtual interface or any physical
interface, but enabling routing in this case isn't a good idea).

I believe the solution for this problem may be something like

ipfw add allow all via lo*
ipfw add deny all to 127.0.0.0/8

if you want this behavior to be changed.


--
~/3APA3A
Even if you do receive some letter, you still won't be able to read it. (Twain)
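As an added illustration, not part of the original post or of any of the systems it names, the Python sketch below models the delivery decision this thread is about: a weak-host stack delivers a packet addressed to any of its local addresses whatever interface it arrived on, a strong-host stack delivers only to addresses configured on the arriving interface, and the two ipfw rules from the reply above are applied as a first-match rule table. It goes a little beyond the post by making the rule table data-driven, which shows that the two rules cover only 127.0.0.0/8 and that an address on an internal interface needs a rule of its own. The interface names, addresses and the assumption that ipfw's default rule allows traffic are constructed for the example.

```python
"""Toy model of local delivery on a multi-homed host (constructed example)."""
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatch

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Hypothetical host: loopback, one external NIC (TEST-NET-3 address),
# one internal NIC. Names and addresses are assumptions for the example.
INTERFACES = {
    "lo0": [ipaddress.ip_address("127.0.0.1")],
    "fxp0": [ipaddress.ip_address("203.0.113.10")],  # external side
    "fxp1": [ipaddress.ip_address("192.168.1.1")],   # internal side
}

# First-match rule table emulating the two ipfw rules from the post:
#   ipfw add allow all via lo*
#   ipfw add deny all to 127.0.0.0/8
# Each rule is (action, destination network or None, interface glob or None).
RULES = [
    ("allow", None, "lo*"),
    ("deny", LOOPBACK_NET, None),
]

# Same table plus one rule protecting the internal NIC's address from the
# external interface; shows what the post's two rules do not cover.
HARDENED_RULES = RULES + [
    ("deny", ipaddress.ip_network("192.168.1.0/24"), "fxp0"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str  # interface the packet arrived on


def is_local_address(dst, ifaces=INTERFACES):
    """True if dst is any address of this host; all of 127/8 counts as local."""
    if dst in LOOPBACK_NET:
        return True
    return any(dst in addrs for addrs in ifaces.values())


def weak_host_accepts(pkt, ifaces=INTERFACES):
    """Weak-host model: arrival interface is ignored, only the address matters."""
    return is_local_address(ipaddress.ip_address(pkt.dst), ifaces)


def strong_host_accepts(pkt, ifaces=INTERFACES):
    """Strong-host model: dst must belong to the interface the packet came in on.

    Traffic arriving on loopback is treated as originating locally, so any
    local address is acceptable there."""
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface.startswith("lo"):
        return is_local_address(dst, ifaces)
    return dst in ifaces.get(pkt.iface, [])


def match_rules(pkt, rules=RULES):
    """Return the action of the first matching rule.

    Assumption: the default rule allows (as with a kernel built to accept by
    default); a default-deny kernel would need explicit allow rules."""
    dst = ipaddress.ip_address(pkt.dst)
    for action, net, via in rules:
        if net is not None and dst not in net:
            continue
        if via is not None and not fnmatch(pkt.iface, via):
            continue
        return action
    return "allow"


def deliver(pkt, model="weak", firewall=False, rules=RULES):
    """Decide whether the packet reaches a local socket under the given policy."""
    if firewall and match_rules(pkt, rules) == "deny":
        return False
    accepts = weak_host_accepts if model == "weak" else strong_host_accepts
    return accepts(pkt)


if __name__ == "__main__":
    # Constructed packets: an outside host (198.51.100.7) probing the box.
    probes = [
        Packet("198.51.100.7", "127.0.0.1", "fxp0"),      # loopback via external NIC
        Packet("198.51.100.7", "192.168.1.1", "fxp0"),    # internal NIC via external NIC
        Packet("198.51.100.7", "203.0.113.10", "fxp0"),   # normal external traffic
        Packet("127.0.0.1", "127.0.0.1", "lo0"),          # genuine local traffic
    ]
    print(f"{'dst':<14}{'via':<6}{'weak':<7}{'weak+ipfw':<11}{'hardened':<10}strong")
    for p in probes:
        print(f"{p.dst:<14}{p.iface:<6}"
              f"{str(deliver(p)):<7}"
              f"{str(deliver(p, firewall=True)):<11}"
              f"{str(deliver(p, firewall=True, rules=HARDENED_RULES)):<10}"
              f"{deliver(p, model='strong')}")
```

The table printed by the script makes the post's point concrete: under the weak-host model the loopback probe is delivered, the two ipfw rules stop it, but a probe for the internal NIC's address still gets through until a rule naming that address and the external interface is added, whereas a strong-host stack rejects both without any filter.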

