Bugtraq mailing list archives
Re: Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")
From: Dax Kelson <dax () gurulabs com>
Date: Sat, 11 May 2002 02:31:47 -0600 (MDT)
On Thu, 9 May 2002, Felix von Leitner wrote:
> A service bound to the IP of eth1 is still visible from eth0. This is not an RFC violation (RFC1122 calls this "weak end host"), but

Linux isn't unique in this regard as Solaris has the same behavior. You are correct in that although likely surprising, it isn't an RFC violation.

On Solaris you can turn this behavior off with:

    # ndd -set /dev/ip ip_strict_dst_multihoming 1

On Linux, you could use this IP Tables command (eth0 external, and eth1 internal):

    # iptables -A INPUT -i eth0 -d IP_of_eth1 -j DROP

Lastly, I would comment that most likely the internal interface would be using RFC1918 reserved address space, so an attacker 'out on the net' somewhere wouldn't be able to route packets to the potential victim's internal IP address.

Dax Kelson
Guru Labs
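As an added example (not part of Dax Kelson's post), the following script generalises his single eth0/eth1 rule to any number of interfaces: it generates one iptables DROP rule for every packet that enters on one interface but is addressed to another interface's IP, which is what Solaris' ip_strict_dst_multihoming=1 enforces. Interface names and addresses are constructed sample data; the function only prints rules, it applies nothing.

```shell
#!/bin/sh
# Added example, not from the original post: emulate strict destination
# multihoming on Linux by emitting an iptables DROP rule for every
# (ingress interface, address of a different local interface) pair.
# Interface names and addresses here are constructed sample data.

# strict_dst_rules "IFACE ADDR<newline>IFACE ADDR..." -> prints iptables commands
strict_dst_rules() {
    table="$1"
    printf '%s\n' "$table" | while read -r in_if in_addr; do
        [ -n "$in_if" ] || continue
        printf '%s\n' "$table" | while read -r own_if own_addr; do
            [ -n "$own_if" ] || continue
            # A packet for an address is legitimate only on that address's
            # own interface; every other ingress interface gets a DROP rule.
            [ "$own_if" = "$in_if" ] && continue
            echo "iptables -A INPUT -i $in_if -d $own_addr -j DROP"
        done
    done
}

# Constructed sample: one external interface and two internal (RFC1918) ones.
SAMPLE_IFACES="eth0 203.0.113.10
eth1 192.168.1.1
eth2 10.0.0.1"

strict_dst_rules "$SAMPLE_IFACES"
```

Review the printed rules before piping them to sh on a real host, and replace the sample table with your own interface/address pairs.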
Current thread:
- Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem") Felix von Leitner (May 10)
- Re: Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem") Dax Kelson (May 11)
- Re: Linux kernel 2.4 "weak end host" issue Explained Matthew G. Marsh (May 14)
