From owner-freebsd-isp Thu Nov 6 09:31:12 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA29399 for isp-outgoing; Thu, 6 Nov 1997 09:31:12 -0800 (PST) (envelope-from owner-freebsd-isp)
Received: from mole (mole.slip.net [207.171.193.16]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id JAA29389 for ; Thu, 6 Nov 1997 09:31:06 -0800 (PST) (envelope-from dnelson@slip.net)
Received: from slip-3.slip.net [207.171.193.17] (dnelson) by mole with smtp (Exim 1.73 #2) id 0xTVlR-00049Z-00; Thu, 6 Nov 1997 09:30:41 -0800
Date: Thu, 6 Nov 1997 09:30:38 -0800 (PST)
From: Dru Nelson
X-Sender: dnelson@slip-3
To: Archie Cobbs
cc: brandon@roguetrader.com, freebsd-isp@freebsd.org
Subject: Re: Security problem/oversight with user PPP!
In-Reply-To: <199711060110.RAA18423@bubba.whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > I agree, it shouldn't be on by default. It is good, though, when
> > you want to work on the PPP client on the far end when getting
> > things working.
>
> Doesn't completely fill the hole... :-)
>
> I can still take a UNIX machine on the same network as yours,
> disable my loopback interface, and set a route to 127.0.0.1
> via your machine, and then telnet to it.
>

Hi, where was I 'fill the hole'. If it is off, you can't telnet to 3000?

Are you saying that FreeBSD has a security hole where it allows IP
with a source of 127.0.0.1? When it replies for that SYN for telnet, why
would it go back to your machine?

Dru
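
Added example, not part of the message above and not FreeBSD's own code: RFC 1122 requires that 127.0.0.0/8 addresses never appear outside a host, so a receiver can drop any packet that carries a loopback source or destination but arrived on a non-loopback interface. The function and verdict names are hypothetical and the sample packets are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts for this added example (names are hypothetical). */
enum verdict { ACCEPT = 0, DROP_LOOPBACK_DST, DROP_LOOPBACK_SRC, DROP_BAD_ADDR };

/* True when the host-order IPv4 address lies in 127.0.0.0/8. */
static int in_loopback_net(uint32_t addr)
{
    return (addr >> 24) == 127;
}

/*
 * Ingress check: 127.0.0.0/8 is valid only on the loopback interface.
 * rcvif_is_loopback is 1 when the packet arrived on lo0, otherwise 0.
 */
enum verdict check_ingress(const char *src, const char *dst, int rcvif_is_loopback)
{
    struct in_addr s, d;

    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, dst, &d) != 1)
        return DROP_BAD_ADDR;          /* unparsable address: fail closed */
    if (rcvif_is_loopback)
        return ACCEPT;                 /* local traffic on lo0 is legitimate */
    if (in_loopback_net(ntohl(d.s_addr)))
        return DROP_LOOPBACK_DST;      /* neighbour routed 127.0.0.1 via this host */
    if (in_loopback_net(ntohl(s.s_addr)))
        return DROP_LOOPBACK_SRC;      /* spoofed loopback source from the wire */
    return ACCEPT;
}

int main(void)
{
    /* Constructed sample packets: source, destination, arrived-on-lo0 flag. */
    struct { const char *src, *dst; int lo; } pkts[] = {
        { "192.0.2.10", "127.0.0.1", 0 },  /* the scenario quoted in the thread */
        { "127.0.0.1",  "192.0.2.1", 0 },  /* loopback source on an external link */
        { "127.0.0.1",  "127.0.0.1", 1 },  /* genuine local connection */
        { "192.0.2.10", "192.0.2.1", 0 },  /* ordinary traffic */
    };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("%s -> %s (lo=%d): verdict %d\n", pkts[i].src, pkts[i].dst,
               pkts[i].lo, check_ingress(pkts[i].src, pkts[i].dst, pkts[i].lo));
    return 0;
}
```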