Mad Duck wrote:
> 2.2 is vulnerable, but 2.4 is not. As far as I can tell, 2.4 systems
> don't even have a localhost routing entry anymore.
Actually I can confirm that Linux 2.4 does suffer from it, at least in the
hardwired MAC address case I mentioned. Just took the time to test it.
Andrew Bartlett wrote:
> I'm trying to assess how this affects me. Is Linux 2.2 vulnerable when
> rp_filter is enabled (sys.net.ipv4.all.rp_filter)? If so then the above
> statement is correct, as rp_filter is enabled by default on RedHat
> installs.
I'm reading the documentation on rp_filter (Documentation/Configure.help).
In sum, it appears to implement the command 'ip verify unicast
reverse-path' that you would find on Cisco routers :) Or am I
misunderstanding?
Assuming I'm reading it correctly, then this will not protect you. The
feature only matches against the source, which is not the issue here.
RoMaN SoFt / LLFB !! wrote:
> I've not tested it but perhaps this is a valid workaround for Linux.
I don't think so. Just follow the maintainer's advice, and filter your
interfaces:
# ifconfig eth0 10.0.5.10
# ipchains -A input -i eth0 -d 10.0.5.10 -j ACCEPT
# ipchains -A input -i eth0 -j DENY
Or something like that, anyway. Easy enough, right? :)
Thanks,
Kyle Sparger - Senior System Administrator
[EMAIL PROTECTED] - http://www.dialtoneinternet.net
Voice - (954) 581-0097 x 122
"Forget college, I'm going pro."
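
The point made in the message above about rp_filter, as an added example that is not part of the original post: a small Python model that runs the same constructed packets through a source-only reverse-path check and through the two destination-matching ipchains rules. Only eth0 and 10.0.5.10 come from the post; the routing table, the lo entry, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    iface: str  # interface the packet arrived on
    src: str
    dst: str

# Assumed routing table for the host in the post (constructed).
ROUTES = [("10.0.5.0/24", "eth0"), ("127.0.0.0/8", "lo")]
DEFAULT_IFACE = "eth0"   # assumed default route
ETH0_ADDR = "10.0.5.10"  # address from the post

def route_iface(addr: str) -> str:
    """Longest-prefix match: which interface would we use to reach addr?"""
    ip = ipaddress.ip_address(addr)
    best_len, best_if = -1, DEFAULT_IFACE
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_if = net.prefixlen, iface
    return best_if

def rp_filter_accepts(pkt: Packet) -> bool:
    """Reverse-path check: the SOURCE must route back out the arrival
    interface. The destination is never looked at."""
    return route_iface(pkt.src) == pkt.iface

def dest_filter_accepts(pkt: Packet) -> bool:
    """The two rules from the post: on eth0, ACCEPT only -d 10.0.5.10,
    DENY everything else. Other interfaces are not covered by the rules."""
    if pkt.iface != "eth0":
        return True
    return pkt.dst == ETH0_ADDR

# Constructed sample packets.
SAMPLES = [
    Packet("eth0", "10.0.5.77", "10.0.5.10"),  # ordinary traffic
    Packet("eth0", "10.0.5.77", "127.0.0.1"),  # valid source, wrong destination
    Packet("eth0", "127.0.0.1", "10.0.5.10"),  # spoofed source
]

def evaluate(packets):
    """Return (packet, rp_filter verdict, destination-filter verdict)."""
    return [(p, rp_filter_accepts(p), dest_filter_accepts(p)) for p in packets]

if __name__ == "__main__":
    for pkt, rp, dest in evaluate(SAMPLES):
        print(f"{pkt.src:>10} -> {pkt.dst:<10} rp_filter={rp!s:<5} dest_filter={dest}")
```

The second sample is the case the message describes: its source is legitimate for eth0, so the reverse-path check passes it, and only the destination rule drops it.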