Date: Wed, 19 Aug 1998 08:35:05 -0500 (EST)
From: Alfred Perlstein <bright@www.hotjobs.com>
To: Edwin Woudt <edwin-ml@woudt.nl>
Cc: freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject: Re: Gateway/firewall denial of service
Message-ID: <Pine.BSF.3.96.980819083306.17267G-100000@bright.fx.genx.net>
In-Reply-To: <E0z8wbJ-0001Gf-00@cal007109.student.utwente.nl>

How about adding an option to ignore ARPs from certain IPs to ipfw?

ala:
  ipfw add 10 deny arp from 192.168.0.0/16 to any via (outside interface)

Alfred Perlstein - Programmer, HotJobs Inc. - www.hotjobs.com
-- There are operating systems, and then there's BSD.
-- http://www.freebsd.org/

On Wed, 19 Aug 1998, Edwin Woudt wrote:

> I use a FreeBSD 2.2.7 machine as a gateway and firewall between a
> local network and a campus-wide network. Accidentally I discovered a
> way to change the routing table of the local network on the gateway
> from the campus network.
>
> The problem is that the kernel accepts ARP broadcasts on one interface
> of which the IP addresses are on another interface and so making a
> machine on the local network unreachable for the gateway.
>
> I tried to find the bug in the source code, but I'm not a C expert. I
> hope somebody who is a better programmer would go through the code and
> find the bug. As the code I thought to be related looked very old,
> this might be a problem in all versions of FreeBSD and even other BSD-
> operating systems.
.....
> Suggestion: Make it impossible to change a routing table entry on one
> interface through another interface.
>
>
> Edwin Woudt
>
>
>
> =====================================================================
> Edwin Woudt ("`-''-/").___..--''"`-._ Calslaan 7-109
> `6_ 6 ) `-. ( ).`-.__.`) 7522 MH Enschede
> edwin@woudt.nl (_Y_.)' ._ ) `._ `. ``-..-' The Netherlands
> _..`--'_..-_/ /--'_.' ,'
> ICQ: 1156462 (il),-'' (li),' ((!.-' +31 53 489 5010
> =====================================================================
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
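
Added example, not part of the original thread and not FreeBSD kernel code: the check Edwin suggests, written as a C function that accepts an ARP packet only when its sender IP belongs to the network of the interface it arrived on. The interface names, the 172.16.0.0/16 campus network and all function and enum names are assumptions; 192.168.0.0/16 is the inside network from Alfred's proposed rule.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Directly connected IPv4 network of each gateway interface (constructed). */
struct if_net { const char *name; uint32_t net, mask; };

static const struct if_net if_nets[] = {
    { "inside",  IP4(192, 168, 0, 0), IP4(255, 255, 0, 0) },  /* local network */
    { "outside", IP4(172, 16, 0, 0),  IP4(255, 255, 0, 0) },  /* campus network (assumed) */
};
#define N_IF ((int)(sizeof(if_nets) / sizeof(if_nets[0])))

enum arp_verdict { ARP_ACCEPT = 0, ARP_DROP_WRONG_IF, ARP_DROP_OFF_LINK, ARP_DROP_BAD_IF };

/* Index of the interface whose connected network contains ip (longest mask
 * wins if networks overlap), or -1 when no interface is on that network. */
static int owning_if(uint32_t ip)
{
    int best = -1;
    for (int i = 0; i < N_IF; i++)
        if ((ip & if_nets[i].mask) == if_nets[i].net &&
            (best < 0 || if_nets[i].mask > if_nets[best].mask))
            best = i;
    return best;
}

/* Decide whether an ARP packet received on rcv_if may create or update the
 * ARP entry for sender_ip: only when sender_ip belongs to rcv_if's network. */
enum arp_verdict arp_check(int rcv_if, uint32_t sender_ip)
{
    if (rcv_if < 0 || rcv_if >= N_IF)
        return ARP_DROP_BAD_IF;
    int owner = owning_if(sender_ip);
    if (owner < 0)
        return ARP_DROP_OFF_LINK;   /* sender is on no connected network */
    return owner == rcv_if ? ARP_ACCEPT : ARP_DROP_WRONG_IF;
}

int main(void)
{
    /* ARP heard on the outside interface claiming an inside address. */
    printf("%d\n", arp_check(1, IP4(192, 168, 1, 10)));
    return 0;
}
```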