From owner-freebsd-bugs  Mon Jul  6 15:30:25 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA03020
          for freebsd-bugs-outgoing; Mon, 6 Jul 1998 15:30:25 -0700 (PDT)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA02955
          for <freebsd-bugs@FreeBSD.org>; Mon, 6 Jul 1998 15:30:10 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id PAA00817;
	Mon, 6 Jul 1998 15:30:01 -0700 (PDT)
Date: Mon, 6 Jul 1998 15:30:01 -0700 (PDT)
Message-Id: <199807062230.PAA00817@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Niall Smart <rotel@indigo.ie>
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Reply-To: Niall Smart <rotel@indigo.ie>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/7191; it has been noted by GNATS.

From: Niall Smart <rotel@indigo.ie>
To: sthomas@lart.net, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Mon, 6 Jul 1998 23:21:42 +0000

 On Jul 6,  9:37pm, sthomas@lart.net wrote:
 } Subject: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when n
 > 
 > Jul  1 04:03:09 rainier /kernel: attempted source route from 205.240.209.213 to
 > +198.32.136.64                                                     
 > 
 > numerous machines on local network...when one  attempts to 
 > LSR traceroute, the other (rainier) generates ICMP Source Route Prohibited
 > packets, and sends them to first machine, even though rainier is not a
 > router, and has never been a router. problem does not occur when rainier
 > attempts to LSR traceroute, however
 
 This is not a bug; its a feature designed to increase the security of your
 system.  Loose and struct source routing can be used to determine the
 initial sequence numbers for a TCP connection trivially, which is a bad
 thing.  If you are sure you understand the implications, you can enable
 them by modifying the net.inet.ip.accept_sourceroute sysctl thus:
 
 	sysctl -w net.inet.ip.accept_sourceroute=1
 	
 Niall
 
 -- 
 Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 FreeBSD: Turning PC's into Workstations: www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message