Date: Fri, 26 Jun 1998 17:27:48 +0200 From: Pierre Beyssac <Pierre.Beyssac@hsc.fr> To: andrewr <andrewr@slack.net>, Bill Fenner <fenner@parc.xerox.com> Cc: Nate Lawson <nate@almond.elite.net>, nate@elite.net, julian@whistle.com, freebsd-bugs@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: Apparent bug in sendto() with raw sockets Message-ID: <19980626172748.A18953@mars.hsc.fr> In-Reply-To: <Pine.NEB.3.96.980626092922.1974A-100000@brooklyn.slack.net>; from andrewr on Fri, Jun 26, 1998 at 09:38:33AM -0400 References: <98Jun25.155535pdt.177515@crevenia.parc.xerox.com> <Pine.NEB.3.96.980626092922.1974A-100000@brooklyn.slack.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 26, 1998 at 09:38:33AM -0400, andrewr wrote: > Speaking of IP_HDRINCL, after reading raw_ip.c and noticing the protection > against spoofing (can't use IP_HDRINCL in certain situations), I started > thinking about actually comparing the user dsupplied ip->ip_src with the Are you sure you're talking about FreeBSD here ? SunOS 4 has such a protection (it checks that the source address belongs to one of the interfaces, or so it seems) but I've successfully spoofed packets on FreeBSD without any problem using IP_HDRINCL. Anyway, such a protection can easily bypassed by sending raw link-level packets through bpf (or probably /dev/nit in the case of SunOS, although I've never tried this). -- Pierre.Beyssac@hsc.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980626172748.A18953>