From: Don Lewis
Message-Id: <199904042318.QAA06876@salsa.gv.tsc.tdk.com>
Date: Sun, 4 Apr 1999 16:18:09 -0700
In-Reply-To: Dag-Erling Smorgrav "Re: Someone trying to route to my machine?" (Apr 4, 2:26pm)
To: Dag-Erling Smorgrav, Nicole Harrington
Subject: Re: Someone trying to route to my machine?
Cc: freebsd-security@FreeBSD.ORG

On Apr 4, 2:26pm, Dag-Erling Smorgrav wrote:
} Subject: Re: Someone trying to route to my machine?
} Nicole Harrington writes:
} > Even so, if someone detected I was running routed, could they use
} > that to try to route to a machine for some nefarious reason?
}
} They might fake route updates to make your computer route connections
} through theirs so they could sniff you or man-in-the-middle you.

This only works if their machine is on the same subnet as yours since
the next hop specified in the route must be a directly connected network.
Even without RIP, they could probably do the same thing with ARP or
ICMP redirects. And if they are on the same subnet, they can probably
silently sniff your traffic unless your network is switched and the
switch is hardened so that it can't be tricked into directing your
traffic to them.

Unless the network only has one router connected to it (so that you can
use a static default route), or you can use explicit static routes,
you'll probably need some dynamic way of discovering the proper routes
(RIP, ICMP redirects, etc.), and most of these can be spoofed.
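The directly-connected next-hop rule from the message above, as an added example that is not part of the original email or of FreeBSD's routed: a filter for RIPv2 responses (RFC 2453 layout) that keeps a route only when the sender is a known on-link router and the gateway is on a connected subnet. The addresses, `CONNECTED`, `TRUSTED_ROUTERS` and `build_entry` are assumptions constructed for the example.

```python
import ipaddress
import struct

# Assumed for this example: the host's connected subnet and its one known router.
CONNECTED = [ipaddress.ip_network("192.0.2.0/24")]
TRUSTED_ROUTERS = {ipaddress.ip_address("192.0.2.1")}

def on_link(addr):
    return any(addr in net for net in CONNECTED)

def parse_rip2(payload):
    """Parse a RIPv2 response (RFC 2453) into (prefix, next_hop, metric) tuples."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("bad RIP length")
    command, version = struct.unpack_from("!BB", payload)
    if command != 2 or version != 2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, ip, mask, nhop, metric = struct.unpack_from("!HHIIII", payload, off)
        if afi != 2:  # only AF_INET entries carry routes
            continue
        inv = ~mask & 0xFFFFFFFF
        if inv & (inv + 1):
            raise ValueError("non-contiguous netmask")
        prefix = ipaddress.ip_network((ip, 32 - inv.bit_length()), strict=False)
        routes.append((prefix, ipaddress.ip_address(nhop), metric))
    return routes

def accept_update(src, payload):
    """Return the routes a host should consider installing from this update."""
    src = ipaddress.ip_address(src)
    # An off-link sender cannot be a usable gateway; the allowlist narrows on-link senders.
    if not on_link(src) or src not in TRUSTED_ROUTERS:
        return []
    accepted = []
    for prefix, nhop, metric in parse_rip2(payload):
        gateway = src if int(nhop) == 0 else nhop  # 0.0.0.0 means "via the sender"
        if on_link(gateway) and 1 <= metric <= 15:  # 16 is RIP's "unreachable"
            accepted.append((prefix, gateway, metric))
    return accepted

def build_entry(prefix, nhop, metric):
    """Constructed test data: one 20-byte RIPv2 route entry."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HHIIII", 2, 0, int(net.network_address),
                       int(net.netmask), int(ipaddress.ip_address(nhop)), metric)

SAMPLE = (struct.pack("!BBH", 2, 2, 0)
          + build_entry("198.51.100.0/24", "0.0.0.0", 2)
          + build_entry("203.0.113.0/24", "10.9.9.9", 1))
```

The source-address check is a filter, not authentication: a host on the same subnet can forge the router's address, which is the spoofing limit the message describes.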