From owner-freebsd-bugs Thu Feb 6 12:11:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA01451 for bugs-outgoing; Thu, 6 Feb 1997 12:11:08 -0800 (PST) Received: from silence.secnet.com ([204.191.222.34]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA01432 for ; Thu, 6 Feb 1997 12:11:02 -0800 (PST) Received: from localhost (oliver@localhost) by silence.secnet.com (8.8.5/secnet) with SMTP id NAA00796; Thu, 6 Feb 1997 13:43:17 -0700 (MST) Date: Thu, 6 Feb 1997 13:43:17 -0700 (MST) From: Oliver Friedrichs To: David Greenman cc: Bill Fenner , freebsd-bugs@freebsd.org Subject: Re: Security advisory In-Reply-To: <199702061902.LAA18156@root.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 6 Feb 1997, David Greenman wrote: > >Just out of curiosity, why is disabling source-routing entirely > >suggested? Usually filtering out packets with source addresses > >in your network is sufficient, and source routing is useful for > >diagnostics and it's annoying when it's arbitrarily disabled. > > I think the main reason is that it allows someone to pretend to be on > a specific network when he really isn't. Any security that makes this > assumption is going to be broken by this. Correct, just a note about the advisory.. it was accidentally posted to freebsd-bugs while only being a draft. Some changes have been made and the real one will be posted in a day or so after some pointers to fixes and patches for some commercial operating systems. I would appreciate if nobody reposted it. Thanks, ;) - Oliver