Vulnerability Development mailing list archives

Re: linux userland ip spoofing vulnerability

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 27 Oct 1999 15:42:05 +0100

This works on systems with poor/no firewall setup, pppd + shell users. It
can forge a source address (on your local ethernet sent over ppp
interface).

This bug is caused by bind() in the kernel allowing you to send off
another interface.


No its not a bug. Its standard correct TCP/IP behaviour. The user can only
send frames from any IP address the administrator configured. It is quite
valid and indeed quite often sensible to do this. Think about secure web
servers on virtual interfaces - they need to talk from the virtual interface.

It is (as you observed) a matter of firewalling if you dont wish to do this

Current thread:

Re: AIM 3.0, (continued)
- - - Re: AIM 3.0 Aviram Jenik (Oct 28)
    - Re: AIM 3.0 Blue Boar (Oct 30)
    - Re: AIM 3.0 Daniel Reed (Oct 30)
    - Re: AIM 3.0 Robert A. Seace (Oct 30)
    - Re: AIM 3.0 Usman (Oct 31)
    - Re: AIM 3.0 esl (Oct 31)
  - Stealth executables (clarified) Brad Griffin (Oct 27)
- linux userland ip spoofing vulnerability Boo Hampshire (Oct 26)
  - Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
    - Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
  - Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)
    - Re: linux userland ip spoofing vulnerability dave (Oct 27)
- Re: Accessing IE/Netscape incomming data Martin (Oct 27)
- Re: Accessing IE/Netscape incomming data Thomas Dullien (Oct 28)