Re: Watcher page moved (and ObBug)
From: smb () research att com (smb () research att com)
Date: Sat, 01 Apr 95 08:05:21 EST
Interesting questions are:

1) should TCP check the sequence number to avoid RST bombs?

Not only should but must, and I think does; see RFC 793.

2) Should it check the sequence number to block ICMP redirect

3) Should it check the MAC source address of ICMP redirects
against the ARP table entry of the sender?

Don't bother; the attacker is probably coming through your legitimate

4) Should routers discard received redirects that aren't
addressed to the router?

Routers should always ignore Redirects. RFC 1009 permits them to listen,
but this is a bad idea -- routers run routing protocols, and hence don't
need such primitive methods to learn the proper path. RFC 1716, which
is a step towards a likely replacement for 1009, says this:

A router using a routing protocol (other than static routes)
MUST NOT consider paths learned from ICMP Redirects when
forwarding a packet. If a router is not using a routing
protocol, a router MAY have a configuration which, if set,
allows the router to consider routes learned via ICMP Redirects
when forwarding packets.

ICMP Redirect is a mechanism for routers to convey routing
information to hosts. Routers use other mechanisms to learn
routing information, and therefore have no reason to obey
redirects. Believing a redirect which contradicted the
router's other information would likely create routing

On the other hand, when a router is not acting as a router,
it MUST comply with the behavior required of a host.
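
The RST sequence check that the reply to question 1 refers to RFC 793 for, sketched as an added example that is not part of the original message or of any real TCP stack: a RST is honored only if its sequence number falls inside the receive window, or, in SYN-SENT, if its ACK acknowledges our SYN. The struct, function and sample values are hypothetical, and the RST is assumed to carry no data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical, chosen for this example. */
enum tcp_state { TCP_SYN_SENT, TCP_SYNCHRONIZED };

struct tcb {
    enum tcp_state state;
    uint32_t iss;     /* our initial send sequence number */
    uint32_t snd_nxt; /* next sequence number we will send */
    uint32_t rcv_nxt; /* next sequence number we expect */
    uint32_t rcv_wnd; /* receive window size */
};

/* start <= seq < start+len in modulo-2^32 sequence space. */
static bool seq_in_range(uint32_t seq, uint32_t start, uint32_t len)
{
    return (uint32_t)(seq - start) < len;
}

/* Decide whether an incoming RST may tear down the connection. */
bool rst_acceptable(const struct tcb *c, uint32_t seg_seq,
                    bool has_ack, uint32_t seg_ack)
{
    if (c->state == TCP_SYN_SENT) /* ISS < SEG.ACK <= SND.NXT */
        return has_ack &&
               seq_in_range(seg_ack, c->iss + 1, c->snd_nxt - c->iss);
    if (c->rcv_wnd == 0)          /* closed window: exact match only */
        return seg_seq == c->rcv_nxt;
    return seq_in_range(seg_seq, c->rcv_nxt, c->rcv_wnd);
}

/* Constructed sample connections; the first window wraps past 2^32. */
static const struct tcb sample_estab = { TCP_SYNCHRONIZED, 0, 0, 0xFFFFFFF0u, 0x100u };
static const struct tcb sample_syn_sent = { TCP_SYN_SENT, 1000u, 1001u, 0, 0 };

int main(void)
{
    printf("in-window RST after wrap: %d\n",
           rst_acceptable(&sample_estab, 0x10u, false, 0));
    printf("blind RST, wrong sequence: %d\n",
           rst_acceptable(&sample_estab, 0x12345678u, false, 0));
    printf("SYN-SENT RST without ACK: %d\n",
           rst_acceptable(&sample_syn_sent, 0, false, 0));
    return 0;
}
```

The unsigned subtraction in `seq_in_range` is what keeps the comparison correct when the window straddles the 2^32 wrap; a plain `<` / `>=` pair would reject legitimate segments there.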