From: Ben Laurie (benALGROUP.CO.UK)
Date: Tue Mar 06 2001 - 03:09:44 CST

    Neil W Rickert wrote:
    >
    > Woody <woodyTHEBUNKER.NET> wrote:
    >
    > >We believe there to be a serious security flaw in the TCP/IP stack of
    > >several Unix-like operating systems. Whilst being "known" behavior on
    > >technical mailing lists, we feel that the implications of this
    > >"feature" are unexpected. Furthermore, not all platforms behave in the
    > >same way, which will obviously lead to invalid expectations.
    >
    > [detailed description snipped]
    >
    > I am surprised to see this described as a flaw. It is behavior I
    > have been relying on for some time. Specifically, on my client
    > machines, I add a route to the alternate interface of my servers via
    > the direct interface of the same server. This allows direct
    > connection to the server without relying on a router, regardless of
    > which IP address is used for the service. For NFS clients, I
    > consider it important to be able to do this.
    >
    > If there is a flaw, it is surely in the thinking of people who
    > mistakenly assumed that multi-homed systems would not behave so as to
    > allow this.

    It is only a flaw when routing is disabled, as we stated.

    Cheers,

    Ben.

    --
    http://www.apache-ssl.org/ben.html
    

    "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

    ApacheCon 2001! http://ApacheCon.com/