> Just curious, I was reading up on www.pigtail.net/LRP and found he posted > something about this vulnerability. Is this a problem with Dachstein? I am > using the kernel 2.2.19 without any mod to IP masq. > > Here is the link which states the issue (which sort of makes it sound like > Dachstein is also vulnerable) > http://www.pigtail.net/LRP/ip_masq_vulnerability.html
This is a basic, fundamental problem with masquerading "helper" modules, which by design allow internal systems to open in-bound data connections. If you really need this sort of vunerability blocked, do not load any of the ip_masq helper modules, and replace their functionality (if possible or required) with application level proxy support. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
