From owner-freebsd-security Tue Jul 28 00:55:45 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA25945 for freebsd-security-outgoing; Tue, 28 Jul 1998 00:55:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id AAA25940 for ; Tue, 28 Jul 1998 00:55:42 -0700 (PDT) (envelope-from sthaug@nethelp.no)
From: sthaug@nethelp.no
Received: (qmail 12064 invoked by uid 1001); 28 Jul 1998 07:55:12 +0000 (GMT)
To: marcs@znep.com
Cc: ben@rosengart.com, security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
In-Reply-To: Your message of "Mon, 27 Jul 1998 23:06:34 -0700 (PDT)"
References:
X-Mailer: Mew version 1.05+ on Emacs 19.34.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Tue, 28 Jul 1998 09:55:12 +0200
Message-ID: <12062.901612512@verdi.nethelp.no>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Hrm, that's no good. But if I'm not mistaken, each interface is
> > configured with its own address. Does this not give the system enough
> > information to reject packets arriving on the wrong interface for their
> > address?
>
> There is no such thing as the "wrong interface".
>
> It is completely normal and valid to expect that binding to an IP address
> will let connections be accepted on that IP address. If routing etc. is
> somehow set up so that works when traffic comes in through another
> interface, so it should. It is called routing.

If your box is set up *not* to route (net.inet.ip.forwarding = 0), I can
certainly see security advantages in not allowing packets to be accepted
unless they have destination address equal to the interface address.

I have seen a patch for this floating around on the net, but it would be
nice to have this configurable.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
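
The two behaviours debated in this message, modelled in user-space C as an added example; it is not FreeBSD kernel code and not the patch the message mentions. The `strict_iface` flag is a hypothetical knob for the proposed check, the interface table and addresses are constructed, and only unicast destinations are considered.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct iface { const char *name; uint32_t addr; };  /* addr in host byte order */
enum verdict { DELIVER_LOCAL, FORWARD, DROP };

/* Constructed two-homed host (documentation/private addresses). */
static const struct iface sample_tbl[] = {
    { "ext0", IP4(192, 0, 2, 1) },
    { "int0", IP4(10, 0, 0, 1) },
};

/*
 * Verdict for a packet received on interface index rcv_if with destination dst.
 * forwarding models net.inet.ip.forwarding; strict_iface is a hypothetical
 * knob standing in for the configurable check the message asks for.
 */
enum verdict
ip_input_verdict(const struct iface *tbl, size_t n, size_t rcv_if,
    uint32_t dst, bool forwarding, bool strict_iface)
{
    if (rcv_if >= n)
        return DROP;
    if (tbl[rcv_if].addr == dst)
        return DELIVER_LOCAL;           /* addressed to the receiving interface */
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].addr != dst)
            continue;
        /* dst belongs to another local interface. */
        if (!forwarding && strict_iface)
            return DROP;                /* non-router: refuse cross-interface delivery */
        return DELIVER_LOCAL;           /* behaviour defended in the quoted reply */
    }
    return forwarding ? FORWARD : DROP; /* not ours: only a router passes it on */
}

int
main(void)
{
    static const char *names[] = { "deliver", "forward", "drop" };
    uint32_t internal = IP4(10, 0, 0, 1);
    /* Packet for the internal address arriving on the external interface. */
    printf("default: %s\n", names[ip_input_verdict(sample_tbl, 2, 0, internal, false, false)]);
    printf("strict:  %s\n", names[ip_input_verdict(sample_tbl, 2, 0, internal, false, true)]);
    return 0;
}
```

With the check enabled on a non-forwarding host, a service bound only to the internal address is no longer reachable through the external interface; with forwarding on, the model leaves the existing behaviour unchanged.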