Date: Mon, 6 Jul 1998 17:50:02 -0700 (PDT) From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: freebsd-bugs@FreeBSD.ORG Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Message-ID: <199807070050.RAA05283@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/7191; it has been noted by GNATS. From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: Niall Smart <rotel@indigo.ie> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing Date: Mon, 06 Jul 1998 20:40:31 -0400 Niall Smart wrote in message ID <199807062230.PAA00817@freefall.freebsd.org>: > The following reply was made to PR kern/7191; it has been noted by GNATS. > This is not a bug; its a feature designed to increase the security of your > system. Loose and struct source routing can be used to determine the > initial sequence numbers for a TCP connection trivially, which is a bad > thing. If you are sure you understand the implications, you can enable > them by modifying the net.inet.ip.accept_sourceroute sysctl thus: > > sysctl -w net.inet.ip.accept_sourceroute=1 Err. Yes, but why is the FreeBSD box sending ICMP messages when the packets should not be being seen by the BSD box in the first place? I think the submitter needs to double check his routing tables. I can't think why the BSD box will be seeing the packets in the first place otherwise. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807070050.RAA05283>