Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Oct 2001 19:30:01 -0700 (PDT)
From:      tburgess@whitley.unimelb.edu.au
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/31130: ipfw tee functionality causes malfunction and security hole
Message-ID:  <200110090230.f992U1648451@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR kern/31130; it has been noted by GNATS.

From: tburgess@whitley.unimelb.edu.au
To: cristjc@earthlink.net, tburgess-sent@whitley.unimelb.edu.au
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/31130: ipfw tee functionality causes malfunction and security hole
Date: Tue, 9 Oct 2001 12:21:49 +1000 (EST)

 If it helps, this appears to be a more complicated description of the 
 same problem, a long time ago.
 
 http://docs.freebsd.org/cgi/getmsg.cgi?
 fetch=86560+0+archive/2000/freebsd-hackers/20000409.freebsd-hackers
 
 Kind regards,
 
 Tim
 
 ---- Original Message ----
 From:		Crist J. Clark
 Date:		Mon 10/8/01 20:24
 To:		Tim Burgess
 Cc:		freebsd-gnats-submit@FreeBSD.ORG
 Subject:	Re: kern/31130: ipfw tee functionality causes 
 malfunction and security hole
 
 On Mon, Oct 08, 2001 at 02:14:18AM -0700, Tim Burgess wrote:
 
 [snip]
 
 > >Description:
 > It looks to me like using the ipfw 'tee' function on incoming 
 packets actually accepts the packets as destined for the localhost.  
 Hence a rule such as:
 > 
 > 600 tee 8665 ip from any to any in
 > 
 > Means that anyone browsing the web on the subnet behind the gateway 
 sees the gateway machine's webserver no matter which url they enter.  
 www.hotmail.com/wi actually goes to www.whitley.unimelb.edu.au/wi !
 
 I am not sure what you are saying here. The fact that the original
 packet is accepted is clearly documented in ipfw(8). Not ideal
 behavior, but documented behavior. As for this issue where you believe
 that you have redirected packets, what is listening on 8665/divert?
 Can we see a tcpdump(8) of this behavior?
 -- 
 Crist J. Clark                           cjclark@alum.mit.edu
                                          cjclark@jhu.edu
                                          cjc@freebsd.org
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110090230.f992U1648451>