nanog mailing list archives
Re: Should routers send redirects by default?
From: Butch Evans <butche () butchevans com>
Date: Fri, 20 Aug 2010 17:04:35 -0500
On Fri, 2010-08-20 at 17:54 -0400, Valdis.Kletnieks () vt edu wrote:
> Until a PC or something on the network gets pwned, and issues selective forged ICMP redirects to declare itself a router and the appropriate destination for some traffic, which it can then MITM to its heart's content. *Then* you truly have a manure-on-fan situation.

While I don't disagree with your assessment, isn't this true beyond JUST this one function? I mean, if I understand the "problem" correctly, is it the EXISTENCE of ICMP redirect that is the "security hole" or is it that it is used by a router? Don't most host operating systems ignore an ICMP redirect for a host if they are not asking for a route anyway? (I'm not sure I stated that very well...)

In other words, ICMP redirect is NOT a broadcast and so it would be ignored if it wasn't directed to my specific MAC. Am I mistaken in that assumption?

--
********************************************************************
* Butch Evans                   * Professional Network Consultation*
* http://www.butchevans.com/    * Network Engineering              *
* http://store.wispgear.net/    * Wired or Wireless Networks       *
* http://blog.butchevans.com/   * ImageStream, Mikrotik and MORE!  *
********************************************************************
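The host-side acceptance checks that RFC 1122 (section 3.2.2.2) recommends for a received ICMP redirect, as an added example that is not part of the original message or thread. The function names, the `first_hop_for` routing lookup and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """RFC 1071 ones' complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_redirect(icmp: bytes):
    """Return (new_gateway, original_dst), or None if not a valid ICMP redirect."""
    # 8-byte ICMP header plus at least a 20-byte embedded IPv4 header
    if len(icmp) < 28 or icmp[0] != 5 or icmp[1] > 3:
        return None
    if ones_sum(icmp) != 0xFFFF:       # checksum covers the whole ICMP message
        return None
    if icmp[8] >> 4 != 4:              # quoted packet must be IPv4
        return None
    # Gateway field at bytes 4-7; quoted packet's destination at bytes 24-27
    return ipaddress.IPv4Address(icmp[4:8]), ipaddress.IPv4Address(icmp[24:28])

def host_verdict(sender, icmp, connected_net, first_hop_for):
    """Apply the RFC 1122 discard rules; first_hop_for is a hypothetical route lookup."""
    parsed = parse_redirect(icmp)
    if parsed is None:
        return "drop: malformed"
    new_gw, dst = parsed
    if new_gw not in connected_net:    # new gateway must be on the connected subnet
        return "drop: new gateway is off-link"
    if first_hop_for(dst) != sender:   # only the current first hop may redirect
        return "drop: sender is not the first hop for this destination"
    return "accept"

def constructed_redirect(new_gw: str, orig_dst: str) -> bytes:
    """Constructed sample input: a redirect quoting a packet sent to orig_dst."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,
                        ipaddress.IPv4Address(orig_dst).packed) + bytes(8)
    body = ipaddress.IPv4Address(new_gw).packed + inner
    csum = 0xFFFF - ones_sum(bytes([5, 1, 0, 0]) + body)
    return struct.pack("!BBH", 5, 1, csum) + body
```

Both checks rest on the redirect's source address, which nothing on the LAN authenticates, so hardened hosts commonly turn redirect acceptance off instead (on Linux, the `net.ipv4.conf.*.accept_redirects` sysctls).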