Date: Sat, 30 Jan 1999 17:31:24 -0500 (EST)
From: Snob Art Genre <benedict@echonyc.com>
To: the man <rmuir@gibralter.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: icmp redirects
Message-ID: <Pine.GSO.4.05.9901301725100.23744-100000@echonyc.com>
In-Reply-To: <199901302208.RAA12943@mail.gibralter.net>

On Sat, 30 Jan 1999, the man wrote:

> I really don't like the idea of someone being able to send redirects
> etc to my gateway box.

> I believe linux has icmp redirects disabled by default if ip
> forwarding is enabled, and I also think it logs attempts to syslog.
> (I'm not sure about this, I don't deal with linux much).

I like the Linux policy -- Bellovin and Cheswick, in _Firewalls and
Internet Security_, say Redirect messages should only be obeyed by hosts,
not routers, and only when the message comes from a router on a directly
attached network.

I think their reasoning is that routers should only acquire routing
information by administrator-designated methods, i.e. static routes or
dynamic routing protocols.

Ben

"You have your mind on computers, it seems."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
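
The acceptance policy attributed above to Bellovin and Cheswick, written out as an added example that is not part of the original message and is not FreeBSD or Linux code. The function names, the `attached` network list and the sample packet are assumptions made for illustration; the checksum test is an extra sanity check beyond the two rules in the message.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type for Redirect (RFC 792)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 over a message that carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(gateway: str, orig_src: str, orig_dst: str) -> bytes:
    """Construct a sample Redirect (code 1, host) quoting a 28-byte UDP datagram."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address(orig_src).packed,
                        ipaddress.IPv4Address(orig_dst).packed) + bytes(8)
    body = ipaddress.IPv4Address(gateway).packed + inner
    csum = inet_checksum(struct.pack("!BBH", ICMP_REDIRECT, 1, 0) + body)
    return struct.pack("!BBH", ICMP_REDIRECT, 1, csum) + body

def evaluate_redirect(src, icmp, attached, forwarding):
    """Return (obey, reason); the reason string is what a caller would log."""
    if len(icmp) < 28 or icmp[0] != ICMP_REDIRECT or inet_checksum(icmp) != 0:
        return False, "malformed: not a valid ICMP redirect"
    gateway = ipaddress.IPv4Address(icmp[4:8])   # proposed new first hop
    dest = ipaddress.IPv4Address(icmp[24:28])    # dst field of the quoted IP header
    what = f"redirect for {dest} via {gateway} from {src}"
    if forwarding:
        # Routers learn routes only from static config or routing protocols.
        return False, f"ignored (this box is a router): {what}"
    if not any(ipaddress.IPv4Address(src) in net for net in attached):
        return False, f"ignored (sender not on an attached network): {what}"
    return True, f"obeyed: {what}"

if __name__ == "__main__":
    # Constructed sample using documentation addresses, not captured traffic.
    nets = [ipaddress.ip_network("192.0.2.0/24")]
    pkt = build_redirect("192.0.2.254", "192.0.2.10", "198.51.100.7")
    for src, fwd in [("192.0.2.1", False), ("192.0.2.1", True), ("203.0.113.9", False)]:
        print(evaluate_redirect(src, pkt, nets, fwd))
```

Every rejection returns a reason string, so a caller can log the attempt in the way the quoted message describes for Linux.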