From owner-freebsd-bugs  Mon Jul  6 17:50:16 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA20430
          for freebsd-bugs-outgoing; Mon, 6 Jul 1998 17:50:16 -0700 (PDT)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA20423
          for <freebsd-bugs@FreeBSD.org>; Mon, 6 Jul 1998 17:50:12 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id RAA05283;
	Mon, 6 Jul 1998 17:50:02 -0700 (PDT)
Date: Mon, 6 Jul 1998 17:50:02 -0700 (PDT)
Message-Id: <199807070050.RAA05283@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing 
Reply-To: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/7191; it has been noted by GNATS.

From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: Niall Smart <rotel@indigo.ie>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing 
Date: Mon, 06 Jul 1998 20:40:31 -0400

 Niall Smart wrote in message ID
 <199807062230.PAA00817@freefall.freebsd.org>:
 > The following reply was made to PR kern/7191; it has been noted by GNATS.
 >  This is not a bug; its a feature designed to increase the security of your
 >  system.  Loose and struct source routing can be used to determine the
 >  initial sequence numbers for a TCP connection trivially, which is a bad
 >  thing.  If you are sure you understand the implications, you can enable
 >  them by modifying the net.inet.ip.accept_sourceroute sysctl thus:
 >  
 >  	sysctl -w net.inet.ip.accept_sourceroute=1
 
 Err. Yes, but why is the FreeBSD box sending ICMP messages when the
 packets should not be being seen by the BSD box in the first place?  I
 think the submitter needs to double check his routing tables. I can't
 think why the BSD box will be seeing the packets in the first place
 otherwise.
 
 
 Gary
 --
 Gary Palmer                                          FreeBSD Core Team Member
 FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message