Date: Tue, 7 Jul 1998 05:10:01 -0700 (PDT)
Message-Id: <199807071210.FAA25847@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Samuel S Thomas
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing

The following reply was made to PR kern/7191; it has been noted by GNATS.

From: Samuel S Thomas
To: rotel@indigo.ie, FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 12:11:06 +0000

> This is not a bug;

This *IS* a bug... I beg you to read the RFCs (I'll dig up numbers if you need)

> it's a feature designed to increase the security of your
> system.

that's fine, but I assure you that the system has no business in the
source-routing of other systems on the network

> Loose and strict source routing can be used to determine the
> initial sequence numbers for a TCP connection trivially, which is a bad
> thing. If you are sure you understand the implications, you can enable
> them by modifying the net.inet.ip.accept_sourceroute sysctl thus:

I am quite clear on the implications...my concern is that the LSR packets
were neither originating from, nor destined to the machine generating the
ICMP Source-route prohibited messages.

> sysctl -w net.inet.ip.accept_sourceroute=1
>
> Niall
>
> --
> Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
> FreeBSD: Turning PC's into Workstations: www.freebsd.org
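The distinction the reply turns on is whether a packet carrying a loose or strict source route option is actually addressed to the host that sees it. The following is an added example, not code from FreeBSD or from either poster: it walks the IPv4 options as laid out in RFC 791 and reports whether a source-routed packet's destination is a given local address. The function name, verdict enum, addresses and sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define IPOPT_EOL  0
#define IPOPT_NOP  1
#define IPOPT_LSRR 131 /* loose source and record route (RFC 791) */
#define IPOPT_SSRR 137 /* strict source and record route (RFC 791) */
/* Hypothetical verdicts for this example. */
enum sr_verdict { SR_NONE, SR_FOR_US, SR_NOT_FOR_US, SR_MALFORMED };
/* Constructed sample: 192.0.2.1 -> 192.0.2.2, NOP + LSRR via 198.51.100.9.
 * Checksum left as zero; it is not validated here. */
static const uint8_t sample_lsrr[28] = {
    0x47, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    IPOPT_NOP, IPOPT_LSRR, 0x07, 0x04, 0xc6, 0x33, 0x64, 0x09 };
/* Constructed address of a host that is neither source nor destination. */
static const uint8_t bystander[4] = { 0xc0, 0x00, 0x02, 0x63 }; /* 192.0.2.99 */

/* Walk the IPv4 options; if LSRR/SSRR is present, report whether the
 * header's destination equals local_addr (4 bytes, network order). */
enum sr_verdict classify_source_route(const uint8_t *pkt, size_t len,
                                      const uint8_t local_addr[4], uint8_t *opt)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return SR_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return SR_MALFORMED;
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = pkt[i];
        if (type == IPOPT_EOL) break;
        if (type == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= hlen) return SR_MALFORMED;      /* no room for length */
        uint8_t olen = pkt[i + 1];
        if (olen < 2 || i + olen > hlen) return SR_MALFORMED;
        if (type == IPOPT_LSRR || type == IPOPT_SSRR) {
            if (olen < 3 || pkt[i + 2] < 4) return SR_MALFORMED; /* pointer >= 4 */
            if (opt) *opt = type;
            return memcmp(pkt + 16, local_addr, 4) ? SR_NOT_FOR_US : SR_FOR_US;
        }
        i += olen;
    }
    return SR_NONE;
}

int main(void)
{
    uint8_t opt = 0;
    int v = classify_source_route(sample_lsrr, sizeof sample_lsrr, bystander, &opt);
    printf("verdict=%d option=%u\n", v, opt); /* verdict=2 option=131 */
    return 0;
}
```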