Date: Mon, 27 Jul 1998 23:06:34 -0700 (PDT) From: Marc Slemko <marcs@znep.com> To: ben@rosengart.com Cc: security@FreeBSD.ORG Subject: Re: inetd enhancements (fwd) Message-ID: <Pine.GSO.4.00.9807272303400.26598-100000@redfish> In-Reply-To: <Pine.GSO.4.02.9807280124550.13278-100000@echonyc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Jul 1998, Snob Art Genre wrote: > On Mon, 27 Jul 1998, Jim Shankland wrote: > > > Careful there. The sockets API supports binding to a specific > > *address*, not interface. If your machine has two interfaces > > with addresses A and B, and you bind your server socket to address > > B, it will happily accept connections addressed to address B, > > but physically arriving via the "A" interface. > > Hrm, that's no good. But if I'm not mistaken, each interface is > configured with its own address. Does this not give the system enough > information to reject packets arriving on the wrong interface for their > address? There is no such thing as the "wrong interface". It is completely normal and valid to expect that binding to an IP address will let connections be accepted on that IP address. If routing etc. is somehow setup so that works when traffic comes in through another interface, so it should. It is called routing. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.00.9807272303400.26598-100000>