Date: Sun, 4 Apr 1999 16:18:09 -0700 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Nicole Harrington <nicole@nmhtech.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Someone trying to route to my machine? Message-ID: <199904042318.QAA06876@salsa.gv.tsc.tdk.com> In-Reply-To: Dag-Erling Smorgrav <des@flood.ping.uio.no> "Re: Someone trying to route to my machine?" (Apr 4, 2:26pm)
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 4, 2:26pm, Dag-Erling Smorgrav wrote: } Subject: Re: Someone trying to route to my machine? } Nicole Harrington <nicole@nmhtech.com> writes: } > Even so, if someone detected I was running routed, could they use } > that to try to route to a machine for some nefarius reason? } } They might fake route updates to make your computer route connections } through theirs so they could sniff you or man-in-the-middle you. This only works if their machine is on the same subnet as yours since the next hop specified in the route must be a directly connected network. Even without RIP, they could probably do the same thing with ARP or ICMP redirects. And if they are on the same subnet, they can probably silently sniff your traffic unless your network is switched and the switch is hardened so that it can't be tricked into directing your traffic to them. Unless the network only has one router connected to it (so that you can use a static default route), or you can use explicit static routes, you'll probably need some dynamic way of discovering the proper routes (RIP, ICMP redirects, etc.), and most of these can be spoofed. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904042318.QAA06876>