On Thu, Apr 19, 2001 at 03:56:41PM +0200, Daniel Mester wrote:
> I am just wondering - does 'ip redirect' (or ICMP redirection) have some
> known security issues?

Yes, the issue is that it is trivial to fake, allowing everyone on your
network to reconfigure your routing tables. On the internal network this
might be OK (actually RIP isn't more secure). Personally I like ICMP
redirects on smaller internal networks as a good routing solution. On
external network interfaces I don't see a big win in leaving it enabled. Do
you have more than one gateway and are unable to configure your routing
statically?

There is a default option for letting ICMP redirects only be sent by the
gateways. This is fine, preventing a bit more accidental messing with your
routing table.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
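
An added example, not part of the original message: assuming a Linux host (the thread does not name the platform), this script reports per interface whether IPv4 ICMP redirects are ignored, restricted by `secure_redirects`, or accepted without that restriction, using the precedence rules from the kernel's ip-sysctl documentation. Mapping the "default option" mentioned above to `secure_redirects` is an assumption, and `CONF_ROOT` is a hypothetical override used only to point the script at a test tree.

```shell
#!/bin/sh
# Added example: effective ICMP-redirect handling per interface on Linux (IPv4).
# Rules follow the kernel's ip-sysctl documentation. CONF_ROOT is overridable
# so the logic can be run against a constructed directory tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# rd IFACE KEY: print the sysctl value, or 0 if it cannot be read
rd() { cat "$CONF_ROOT/$1/$2" 2>/dev/null || echo 0; }

# either IFACE KEY: true if conf/all or conf/IFACE has KEY set
either() { [ "$(rd all "$2")" = 1 ] || [ "$(rd "$1" "$2")" = 1 ]; }

# both IFACE KEY: true only if conf/all and conf/IFACE both have KEY set
both() { [ "$(rd all "$2")" = 1 ] && [ "$(rd "$1" "$2")" = 1 ]; }

# redirect_state IFACE: print ignored | gateways-only | unrestricted
redirect_state() {
    if [ "$(rd "$1" forwarding)" = 1 ]; then
        # Router interface: accepted only if all AND interface enable it
        both "$1" accept_redirects || { echo ignored; return 0; }
    else
        # Host interface: accepted if all OR interface enables it
        either "$1" accept_redirects || { echo ignored; return 0; }
    fi
    # shared_media (default on) overrides secure_redirects
    if ! either "$1" shared_media && either "$1" secure_redirects; then
        echo gateways-only   # new gateway must already be a known default gateway
    else
        echo unrestricted
    fi
}

# audit: one line per interface, skipping the all/default pseudo-entries
audit() {
    for d in "$CONF_ROOT"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        printf '%-12s %s\n' "$ifc" "$(redirect_state "$ifc")"
    done
}

audit
```

Interfaces reported as `unrestricted` on an external segment are the ones to set `accept_redirects=0` on, in both `conf/all` and the interface entry.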