From owner-freebsd-bugs  Thu Feb  6 11:02:46 1997
Return-Path: <owner-bugs>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id LAA22419
          for bugs-outgoing; Thu, 6 Feb 1997 11:02:46 -0800 (PST)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA22411
          for <freebsd-bugs@freebsd.org>; Thu, 6 Feb 1997 11:02:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id LAA18156; Thu, 6 Feb 1997 11:02:18 -0800 (PST)
Message-Id: <199702061902.LAA18156@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: Bill Fenner <fenner@parc.xerox.com>
cc: Oliver Friedrichs <oliver@secnet.com>, freebsd-bugs@freebsd.org
Subject: Re: Security advisory 
In-reply-to: Your message of "Thu, 06 Feb 1997 08:22:12 PST."
             <97Feb6.082224pst.177476@crevenia.parc.xerox.com> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Thu, 06 Feb 1997 11:02:18 -0800
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Just out of curiosity, why is disabling source-routing entirely
>suggested?  Usually filtering out packets with source addresses
>in your network is sufficient, and source routing is useful for
>diagnostics and it's annoying when it's arbitrarily disabled.

   I think the main reason is that it allows someone to pretend to be on
a specific network when he really isn't. Any security that makes this
assumption is going to be broken by this.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project