Bugtraq mailing list archives
Re: [Fwd: Re: Loopback and multi-homed routing flaw in TCP/IP
From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Wed, 7 Mar 2001 19:03:36 +1100
In some mail from Ben Laurie, sie said:
Aleph1 wrote:A flaw in the standard not on the stack. RFC 1122 "Requirements for Internet Hosts -- Communication Layers" covers this issue although without pointing out its security consequences.In the case that a host is not routing, it is abundantly clear that the strong model is the only correct one. Similarly, I would argue that in the case that a host is routing, the weak model is clearly correct. In more complex cases, one should use packet filtering to enforce requirements. You'll note that RFC 1122 is completely silent on the difference between routing and non-routing hosts, which makes it so broken it seems almost irrelevant on this issue.
Let me give you a 'counter example'. Multi-homed server of some kind, and a client goes to access it. DNS server gives a reply with all of the addresses included. Which one does the client choose ? Should it have to check them all for the "best match" ? What if it can't work out what is the "best match" ? The client should be able to pick "any address" and connect, no ? Afterall, the intention is to provide a service to clients. Whether the server listens on one address (as it might) or all interface addreses or just "ANY" (all are quite valid scenarios), if it is a general service then I generally want everyone to access it and what it's bound to should be neither here nor there. It should "just work". I don't mention if it is a routing or non-routing server because it makes no difference to me, as a client - or shouldn't at any rate. I've seen a lot of people say "Strong ES model" should be the default, but that is only a requirement for particular applications where you want that behaviour. To answer your question about what the RFC authors meant, maybe they were thinking of actually just "using" multi-homed servers rather than trying to impose security restrictions.
Current thread:
- Re: [Fwd: Re: Loopback and multi-homed routing flaw in TCP/IP stack.] Ben Laurie (Mar 06)
- Re: [Fwd: Re: Loopback and multi-homed routing flaw in TCP/IP Darren Reed (Mar 07)