From owner-freebsd-security  Tue Jul 28 08:01:03 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA23862
          for freebsd-security-outgoing; Tue, 28 Jul 1998 08:01:03 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA23828
          for <security@FreeBSD.ORG>; Tue, 28 Jul 1998 08:00:50 -0700 (PDT)
          (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.8.8/8.8.8) id LAA19134;
	Tue, 28 Jul 1998 11:00:13 -0400 (EDT)
	(envelope-from wollman)
Date: Tue, 28 Jul 1998 11:00:13 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199807281500.LAA19134@khavrinen.lcs.mit.edu>
To: ben@rosengart.com
Cc: Jim Shankland <jas@flyingfox.com>, security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
In-Reply-To: <Pine.GSO.4.02.9807280124550.13278-100000@echonyc.com>
References: <199807280440.VAA12658@biggusdiskus.flyingfox.com>
	<Pine.GSO.4.02.9807280124550.13278-100000@echonyc.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Tue, 28 Jul 1998 01:29:04 -0400 (EDT), Snob Art Genre <benedict@echonyc.com> said:

> Hrm, that's no good.  But if I'm not mistaken, each interface is
> configured with its own address.  Does this not give the system enough
> information to reject packets arriving on the wrong interface for their
> address?

> Are you sure that the system will accept packets for the wrong
> interface?

There's nothing ``wrong'' about it.  In a complex network with routing
protocols operating, it is perfectly conceivable that a packet
addressed to one interface may be delivered to another.  (Indeed, that
is often desirable, particularly if one interface is much higher-speed
than another.  For example, at a previous POE, we had a bunch of SGI
servers on a FDDI ring, which were also on the regular Ethernet.  If
someone on server A mounted an NFS filesystem from server B, we wanted
that traffic to stay on the FDDI ring rather than crossing our aging
Cisco router.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message