From: Kenny Jansson (kenson SENTOR.SE)
Date: Wed Mar 07 2001 - 09:26:41 CST
In light of the current discussion about the "Loopback and multi-homed
routing flaw in TCP/IP stack." it's worth mentioning another "condition"
that exists in some TCP/IP stacks.
Some stacks will allow a TCP connection to be established to the broadcast
address configured on any given interface.
FreeBSD has had this behaviour for some time 4.x
up until 2001/03/03 17:39:20 PST when a fix was committed to RELENG_4
OpenBSD also exhibits this behaviour. (Tested on 2.7)
Linux and Solaris don't.
The reason this condition is worth mentioning is for the cases when
you expect a number of external addresses to be exposed and you apply
explicit filtering on those addresses, and wrongly assume that no
other endpoints exist to establish connections to.
Obvious fix of course if running FreeBSD is to update your kernel to
incorporate the committed fix. Obvious workaround is to always practice safe
networking, deny everything, then explicitly allow what should be allowed.
/Kenny
--
Kenny Jansson kensonsentor.se
Sentor AB, Västra Strandg. 7B, 753 11 Uppsala, Sweden
phn: +46 (0) 18 65 30 00 | gsm: +46 (0) 70 757 30 01
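
Added example, not part of the original post: a small audit of the assumption described above, checking whether each interface's broadcast address is still reachable under a filter policy. The interface names, the addresses and the first-match rule model are constructed for illustration and do not represent any particular packet filter's syntax.

```python
import ipaddress

# Constructed sample data: two interfaces on a multi-homed host,
# using documentation address space.
INTERFACES = {
    "ext0": "192.0.2.10/28",
    "ext1": "198.51.100.77/26",
}

# Hypothetical first-match rule model: (action, destination network).
# The mistake from the post: only the known unicast addresses are
# filtered and everything else falls through to a permissive default.
EXPLICIT_RULES = [
    ("block", "192.0.2.10/32"),
    ("block", "198.51.100.77/32"),
]

# The workaround from the post: deny everything, then allow explicitly.
ALLOW_RULES = [
    ("pass", "192.0.2.10/32"),
    ("pass", "198.51.100.77/32"),
]


def decide(dst, rules, default):
    """Return the action of the first rule matching dst, else the default."""
    for action, net in rules:
        if dst in ipaddress.ip_network(net):
            return action
    return default


def extra_endpoints(interfaces):
    """Broadcast address of each interface's configured subnet."""
    return {
        name: ipaddress.ip_interface(cidr).network.broadcast_address
        for name, cidr in interfaces.items()
    }


def unfiltered_broadcasts(interfaces, rules, default):
    """Interfaces whose broadcast address the policy still lets through."""
    return {
        name: str(addr)
        for name, addr in extra_endpoints(interfaces).items()
        if decide(addr, rules, default) == "pass"
    }


if __name__ == "__main__":
    print("filter known addresses, default pass:",
          unfiltered_broadcasts(INTERFACES, EXPLICIT_RULES, "pass"))
    print("explicit allow, default block:",
          unfiltered_broadcasts(INTERFACES, ALLOW_RULES, "block"))
```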