mailing list archives
[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt
From: hamors () LITTERBOX ORG (Sean B. Hamor)
Date: Fri, 11 Apr 1997 23:54:14 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Friday, April 11, 1997
Sean B. Hamor <hamors () litterbox org>
LINUX IP MASQUERADE
A problem exists in IP Masquerade under Linux which allows traffic to be
passed to external networks even after the gateway host has been halted.
As long as a connection has been established from an internal machine via
the IP Masquerade gateway to an external host and the Ethernet interfaces
inside the machine are still being supplied power, that connection will
stay online in a fully interactive state.
Even worse, that connection will stay online even if the IP Masquerade
gateway machine is rebooted. During a soft reboot, the connection will
stay online in a fully interactive state. During a cold reboot, the
connection will lose interactivity until the IP Masquerade gateway machine
comes back online. After that, the connection will regain interactivity.
During an incoming or outgoing attack, systems administrators may use the
"kill switch" tactic to stop the attack and shut down the gateway machine
involved in the attack. This creates a false sense of security with that
systems administrator thinking that the attack has been successfully
stopped. In reality, the connection in question is totally unaffected by
the system shutdown.
/\_/\ http://www.litterbox.org/~hamors/pgp.txt To err is human.
( o.o ) for PGP public key block To purr feline.
> ^ < Sean B. Hamor <hamors () litterbox org> - Robert Byrne
The Litterbox: http://www.litterbox.org/ Homeless and Abused Pet Rescue
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----