Date: Mon, 6 Jul 1998 15:30:01 -0700 (PDT) From: Niall Smart <rotel@indigo.ie> To: freebsd-bugs@FreeBSD.ORG Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Message-ID: <199807062230.PAA00817@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/7191; it has been noted by GNATS. From: Niall Smart <rotel@indigo.ie> To: sthomas@lart.net, FreeBSD-gnats-submit@FreeBSD.ORG Cc: Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Date: Mon, 6 Jul 1998 23:21:42 +0000 On Jul 6, 9:37pm, sthomas@lart.net wrote: } Subject: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when n > > Jul 1 04:03:09 rainier /kernel: attempted source route from 205.240.209.213 to > +198.32.136.64 > > numerous machines on local network...when one attempts to > LSR traceroute, the other (rainier) generates ICMP Source Route Prohibited > packets, and sends them to first machine, even though rainier is not a > router, and has never been a router. problem does not occur when rainier > attempts to LSR traceroute, however This is not a bug; its a feature designed to increase the security of your system. Loose and struct source routing can be used to determine the initial sequence numbers for a TCP connection trivially, which is a bad thing. If you are sure you understand the implications, you can enable them by modifying the net.inet.ip.accept_sourceroute sysctl thus: sysctl -w net.inet.ip.accept_sourceroute=1 Niall -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807062230.PAA00817>