Date: Tue, 7 Jul 1998 05:10:01 -0700 (PDT) From: Samuel S Thomas <sthomas@lart.net> To: freebsd-bugs@FreeBSD.ORG Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Message-ID: <199807071210.FAA25847@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/7191; it has been noted by GNATS. From: Samuel S Thomas <sthomas@lart.net> To: rotel@indigo.ie, FreeBSD-gnats-submit@FreeBSD.ORG Cc: Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Date: Tue, 7 Jul 1998 12:11:06 +0000 > This is not a bug; This *IS* a bug... I beg you to read the RFC's (I'll dig up numbers if you need) its a feature designed to increase the security of your > system. that's fine, but I assure you that the system has no business in the source-routing of other systems on the network Loose and struct source routing can be used to determine the > initial sequence numbers for a TCP connection trivially, which is a bad > thing. If you are sure you understand the implications, you can enable > them by modifying the net.inet.ip.accept_sourceroute sysctl thus: I am quite clear on the implications...my concern is that the LSR packets were neither originating from, nor destined to the machine generating the ICMP Source-route prohibited messages. > sysctl -w net.inet.ip.accept_sourceroute=1 > > Niall > > -- > Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk > FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807071210.FAA25847>