Vulnerability Development mailing list archives
Re: linux userland ip spoofing vulnerability
From: drai2.geo () YAHOO COM (dave)
Date: Thu, 28 Oct 1999 03:34:37 +1000
Yep. It is mainly more to do with the administrator of the site/server than a kernel, although I'm sure you can change the kernel prevent sending data off interfaces you didn't bind to... but I wasn't aware it was useful for virtual interfaces. (ala,s not a kernel bug) As I mentioned, the problem exists only for people using their linux systems with their lan, and if they have shell users. (This situation exists mainly in small schools, colleges, etc); with poor or no firewall sanity rules in place. The weird thing: it requires a similar situation to the other pppd bug. What else to add.. I guess there's nothing else. Alan Cox wrote: <snip> -- David Shoon aka Dr/icebsd http://www.xnet.org/ http://www.wiretapped.net http://www.2600.org.au Gemini is a GNU udp-based IRCD, email gemini () xnet org if you're interested.
Current thread:
- Re: AIM 3.0, (continued)
- Re: AIM 3.0 Blue Boar (Oct 30)
- Re: AIM 3.0 Daniel Reed (Oct 30)
- Re: AIM 3.0 Robert A. Seace (Oct 30)
- Re: AIM 3.0 Usman (Oct 31)
- Re: AIM 3.0 esl (Oct 31)
- Stealth executables (clarified) Brad Griffin (Oct 27)
- linux userland ip spoofing vulnerability Boo Hampshire (Oct 26)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
- Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)
- Re: linux userland ip spoofing vulnerability dave (Oct 27)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: Accessing IE/Netscape incomming data Martin (Oct 27)
- Re: Accessing IE/Netscape incomming data Thomas Dullien (Oct 28)