Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Various Errors in Slackware
From: emsi () IT PL (Mariusz Woloszyn)
Date: Wed, 22 Dec 1999 10:13:00 +0100


On Tue, 21 Dec 1999, Dagmar d'Surreal wrote:

IPV4 PACKET FORWARDING -- Should not be on by default

Above is true for Slackware 4.0

(...)

RP_FILTER -- Probably incorrect assumption
------------------------------------------
Just below the section that turns on IP forwarding is a section that
theoretically turns on rp_filter, which is supposed to do source
validation of incoming packets to prevent outside lusers from firing
spoofed packets into your local network.  This is supposed to go on by
default once ip_forwarding is turned on, according to both the comments in
the script and the kernel documentation.  (Annoyingly enough, the
interface for it in /proc still emits a 0 when ip_forwarding is turned on,
which leads me to believe that something might be missing in the kernel,
although I might be the only person that ever tries to read proc first to
see what's on and what's off.)  Better to be safe than sorry and change
the logic to stuff a 1 in there if IPV4_FORWARD is true, and a zero in
there if it's false.

It also applyes to Slackware 4.0, but it isn't kernel problem. Kernel
documentation says:

# rp_filter
#    Integer value deciding if source validation should be made.
#    1 means yes, 0 means no. Disabled by default, but
#    local/broadcast address spoofing is always on.
# 

"Disabled by default"! I noticed Patrick Volkerding long time before
Slackware 7 (as soon as I found it in 4.0).

Anyway you're not the only person that ever tries to read proc first :)

Regards,

--
Mariusz Wo³oszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsi () it pl



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault