Mad Duck wrote:
> 2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
> don't even have a localhost routing entry anymore.

Actually I can confirm that Linux 2.4 does suffer from it, at least in the
hardwired MAC address case I mentioned. Just took the time to test it.

Andrew Bartlett wrote:
> I'm trying to assess how this affects me. Is Linux 2.2 vulnerable when
> rp_filter is enbled (sys.net.ipv4.all.rp_filter)? If so then the above
> statement is correct, as rp_filter is enabled by default on RedHat
> installs.

I'm reading the documentation on rp_filter (Documentation/Configure.help).

In sum, it appears to implement the command 'ip verify unicast
reverse-path' that you would find on Cisco routers :) Or am I
misunderstanding?

Assuming I'm reading it correctly, then this will not protect you. The
feature only matches against the source, which is not the issue here.

RoMaN SoFt / LLFB !! wrote:
> I've not tested it but perhaps this is a valid workaround for Linux.

I don't think so. Just follow the maintainer's advice, and filter your
interfaces:

# ifconfig eth0 10.0.5.10
# ipchains -A input -i eth0 -d 10.0.5.10 -j ACCEPT
# ipchains -A input -i eth0 -j DENY

Or something like that, anyway. Easy enough, right? :)

Thanks,

Kyle Sparger - Senior System Administrator
kspargerdialtoneinternet.net - http://www.dialtoneinternet.net
Voice - (954) 581-0097 x 122
"Forget college, I'm going pro."

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]