Re: Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")

From: Dax Kelson (daxat_private)
Date: Sat May 11 2002 - 01:31:47 PDT

Next message: der Mouse: "Re: Unfortunate interaction between EZMLM and MessageLabs virus scanning"

Previous message: Jeff Franklin: "Re: wu-imap buffer overflow condition"
In reply to: Felix von Leitner: "Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")"
Next in thread: Matthew G. Marsh: "Re: Linux kernel 2.4 "weak end host" issue Explained"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 9 May 2002, Felix von Leitner wrote:

> A service bound to the IP of eth1 is still visible from eth0.
> This is not an RFC violation (RFC1122 calls this "weak end host"), but

Linux isn't unique in this regard as Solaris has the same behavior. You
are correct in that although likely surprising, it isn't a RFC violation.

On Solaris you can turn this behavior off with:

# ndd -set /dev/ip ip_strict_dst_multihoming 1

On Linux, you could use this IP Tables command (eth0 external, and eth1 
internal):

# iptables -A INPUT -i eth0 -d IP_of_eth1 -j DROP

Lastly, I would comment that most likely the internal interface would be 
using RFC1918 reserved address space, so an attacker 'out on the net' 
somewhere wouldn't be able to route packets to the potential vicitim's 
internal IP address.

Dax Kelson
Guru Labs

Next message: der Mouse: "Re: Unfortunate interaction between EZMLM and MessageLabs virus scanning"
Previous message: Jeff Franklin: "Re: wu-imap buffer overflow condition"
In reply to: Felix von Leitner: "Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")"
Next in thread: Matthew G. Marsh: "Re: Linux kernel 2.4 "weak end host" issue Explained"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat May 11 2002 - 15:40:34 PDT