Date: Sat, 27 Jun 1998 07:17:47 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: archie@whistle.com (Archie Cobbs) Cc: andrewr@slack.net, fenner@parc.xerox.com, nate@almond.elite.net, nate@elite.net, julian@whistle.com, freebsd-bugs@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: Apparent bug in sendto() with raw sockets Message-ID: <199806270717.AAA22908@usr08.primenet.com> In-Reply-To: <199806262102.OAA01182@bubba.whistle.com> from "Archie Cobbs" at Jun 26, 98 02:02:44 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Speaking of IP_HDRINCL, after reading raw_ip.c and noticing the protection > > against spoofing (can't use IP_HDRINCL in certain situations), I started > > thinking about actually comparing the user dsupplied ip->ip_src with the > > actual IP address defined for the outgoing interface. While looking for a > > What's wrong with being able to spoof an IP address? If I have root > access (required to open a raw socket), and I want to do so, the kernel > shouldn't prevent me. There are legitimate reasons for wanting to send > spoofed source IP addresses (eg, testing situations). A number of "netnanny" packages rely on being able to say "host unreachable" in response to a request before the (actually reachable) site is able to respond with the information. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806270717.AAA22908>