Date: Thu, 6 Feb 1997 13:43:17 -0700 (MST) From: Oliver Friedrichs <oliver@secnet.com> To: David Greenman <dg@root.com> Cc: Bill Fenner <fenner@parc.xerox.com>, freebsd-bugs@freebsd.org Subject: Re: Security advisory Message-ID: <Pine.BSI.3.95.970206133804.779A-100000@silence.secnet.com> In-Reply-To: <199702061902.LAA18156@root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 Feb 1997, David Greenman wrote: > >Just out of curiosity, why is disabling source-routing entirely > >suggested? Usually filtering out packets with source addresses > >in your network is sufficient, and source routing is useful for > >diagnostics and it's annoying when it's arbitrarily disabled. > > I think the main reason is that it allows someone to pretend to be on > a specific network when he really isn't. Any security that makes this > assumption is going to be broken by this. Correct, just a note about the advisory.. it was accidentally posted to freebsd-bugs while only being a draft. Some changes have been made and the real one will be posted in a day or so after some pointers to fixes and patches for some commercial operating systems. I would appreciate if nobody reposted it. Thanks, ;) - Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970206133804.779A-100000>