Date: Wed, 31 May 2000 16:29:42 -0500
From: "Jason Young" <jyoung@accessus.net>
To: "'Kurt Wuensche'" <kwuensche@yahoo.com>, <freebsd-hackers@FreeBSD.ORG>
Subject: RE: Spoofed routes
Message-ID: <00d401bfcb47$564d8260$38aacecf@accessus.net>
In-Reply-To: <20000531140328.2408.qmail@web4704.mail.yahoo.com>

Without an example output from netstat it's hard to say. A host route
may be installed for a completed ARP entry for an existing "local" host:

  Destination        Gateway            Flags    Netif Expire
  192.168.200.10     0:0:24:60:2b:2a    UHLW     fxp1    1130

Or an incomplete ARP entry for a nonexistent "local" host you've
recently tried to reach:

  Destination        Gateway            Flags    Netif Expire
  192.168.200.50     link#11            UHLW     fxp1 =>

ICMP redirects and path MTU discovery can also insert routes, but I
don't have examples handy. You may want to play with these sysctls:

  net.inet.icmp.log_redirect
  net.inet.icmp.drop_redirect

Jason Young
Access US(tm) Chief Network Engineer

> -----Original Message-----
> From: owner-freebsd-hackers@FreeBSD.ORG
> [mailto:owner-freebsd-hackers@FreeBSD.ORG]On Behalf Of Kurt Wuensche
> Sent: Wednesday, May 31, 2000 9:03 AM
> To: freebsd-hackers@FreeBSD.ORG
> Subject: Spoofed routes
>
>
> I am periodically having routes added to spare ip
> addresses on my class h network. I am finding these
> by running netstat -nr which returns flags
> UHLW for a host route. I have been manually deleting
> them when I find them, but it is disconcerting to keep
> having this occur. I am not running routed or
> anything like that. Has anyone else run into this?
> Perhaps these are ICMP driven. Can anyone point me
> to a good reference on ICMP (particularly blocking
> redirects).
>
> Thanks, Kurt
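
The triage described in the reply above, as an added example that is not part of the original thread: a shell function that reads `netstat -nr` output and separates ARP-derived UHLW host routes from routes carrying the D or M flag, which netstat(1) documents as created or modified by an ICMP redirect. The function names, the 192.168.200.77 row and the default row are constructed for illustration; the two UHLW rows are the ones quoted in the message.

```sh
#!/bin/sh
# Added example: classify routes from `netstat -nr` text on stdin.
# Only the first three columns (Destination, Gateway, Flags) are used,
# so extra columns between Flags and Netif do not matter.
classify_routes() {
    awk '
    NF < 3 || $1 == "Destination" { next }      # skip headers and blank lines
    {
        dest = $1; gw = $2; flags = $3
        is_mac = (gw ~ /^[0-9a-fA-F:]+$/ && split(gw, p, ":") == 6)
        if (flags ~ /[DM]/)
            class = "redirect"                  # D: created, M: modified by redirect
        else if (flags ~ /H/ && flags ~ /L/ && flags ~ /W/ && is_mac)
            class = "arp-complete"              # resolved neighbour on the local net
        else if (flags ~ /H/ && flags ~ /L/ && flags ~ /W/ && substr(gw, 1, 5) == "link#")
            class = "arp-incomplete"            # ARP attempted, nobody answered
        else if (flags ~ /H/)
            class = "host-other"                # host route with another origin
        else
            next                                # network routes are not of interest here
        print class, dest, gw
    }'
}

# Constructed sample table: rows 1-2 are from the message, rows 3-4 are invented.
sample_table() {
    cat <<'EOF'
Destination        Gateway            Flags    Netif Expire
192.168.200.10     0:0:24:60:2b:2a    UHLW     fxp1   1130
192.168.200.50     link#11            UHLW     fxp1 =>
192.168.200.77     192.168.200.1      UGHD     fxp1
default            192.168.200.1      UGSc     fxp1
EOF
}

sample_table | classify_routes
```

On a live host, `netstat -nr | classify_routes` gives the same breakdown; rows reported as `redirect` are the ones to compare against what `net.inet.icmp.log_redirect` logs.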