Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Linux +ipchains+ ping -R
From: scott () ACRID SCHEMATIX NET (Scott)
Date: Sat, 24 Jul 1999 01:26:28 +0000


About 2 weeks ago someone made me aware of a similar bug in FreeBSD
with natd/ipfw. I tested it on my own computer (FreeBSD 3.2-STABLE) and
the result was an immediate result reboot without any logging.

This firewall rule fixes the problem on my FreeBSD box. Adjust it
accordingly for the logging options, etc. Make sure its the 1st rule
listed.

deny log ip from any to any ipopt rr

-Scott

On Thu, 22 Jul 1999, Andrej Todosic wrote:

Hello ,

i am not quite sure if this has been discussed or if htere is a fix already
but i d still like to mention it.

linux firewall setup 2.2.5 or 2.2.10 and ipchains + Nat + advanced router


if you are less than nine hops away from it ping -R and ( assuming the fw
lets the packets go through ) you get a kernel panic .


You cant go wrong . i tried it on more than one firewall and more than one
kernel.


PS if you are testing it do make sure you are not going through the fw for a
connection ( which how i screwed myself up and left the ping -R in the
background )




Andrej



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]