Vulnerability Development mailing list archives
Re: linux userland ip spoofing vulnerability
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 27 Oct 1999 15:42:05 +0100
This works on systems with poor/no firewall setup, pppd + shell users. It can forge a source address (on your local ethernet sent over ppp interface). This bug is caused by bind() in the kernel allowing you to send off another interface.
No its not a bug. Its standard correct TCP/IP behaviour. The user can only send frames from any IP address the administrator configured. It is quite valid and indeed quite often sensible to do this. Think about secure web servers on virtual interfaces - they need to talk from the virtual interface. It is (as you observed) a matter of firewalling if you dont wish to do this
Current thread:
- Re: AIM 3.0, (continued)
- Re: AIM 3.0 Aviram Jenik (Oct 28)
- Re: AIM 3.0 Blue Boar (Oct 30)
- Re: AIM 3.0 Daniel Reed (Oct 30)
- Re: AIM 3.0 Robert A. Seace (Oct 30)
- Re: AIM 3.0 Usman (Oct 31)
- Re: AIM 3.0 esl (Oct 31)
- Stealth executables (clarified) Brad Griffin (Oct 27)
- linux userland ip spoofing vulnerability Boo Hampshire (Oct 26)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
- Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)
- Re: linux userland ip spoofing vulnerability dave (Oct 27)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: Accessing IE/Netscape incomming data Martin (Oct 27)
- Re: Accessing IE/Netscape incomming data Thomas Dullien (Oct 28)