NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NetBSD> 2001-q3

From: Emmanuel Dreyfus (Emmanuel.Dreyfusespci.fr)
Date: Thu Jul 19 2001 - 04:55:43 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 19, 2001 at 07:02:46PM +1000, Darren Reed wrote:
> Correct. This is nearly never useful because the "next hop" that is the
> redirected gateway must be on the local LAN.

Yes, but this could be used as a denial of service attack: Ruth can watch Bob's
connexion, then Ruth can send Bob an ICMP redirect through the firewall to a
machine on his LAN that does not forward IP packets, and Bob is stuck.

Is that right?

-- 
Emmanuel Dreyfus                             Emmanuel.Dreyfusespci.fr
Cette signature vous est fournie telle quelle, sans aucune garantie de 
fonctionnement. En la lisant, vous acceptez les préjudices matériels, 
physiques, et moraux qu'elle pourrait causer.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]