Re: [CentOS] VPN connections subject to hijack attack

2019-12-06 Thread Chris Adams
Once upon a time, Stephen John Smoogen said: > So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they > set to 1 versus 0 which the announcement says is kernel default and > sfe). However, they found ipv6 works without rp_filter so this is a > problem. Yeah, I didn't realize

Re: [CentOS] VPN connections subject to hijack attack

2019-12-06 Thread Stephen John Smoogen
On Fri, 6 Dec 2019 at 04:40, Kenneth Porter wrote: > > > Thanks for the heads up > This affects all VPNs and is a consequence of using "loose" reverse path > filtering for

[CentOS] VPN connections subject to hijack attack

2019-12-06 Thread Kenneth Porter
This affects all VPNs and is a consequence of using "loose" reverse path filtering for anti-spoofing. The default CentOS setting is strict filtering but you may have changed this to