Date: Mon, 8 Oct 2001 03:30:02 -0700 (PDT) From: "Crist J. Clark" <cristjc@earthlink.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/31130: ipfw tee functionality causes malfunction and security hole Message-ID: <200110081030.f98AU2R51796@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/31130; it has been noted by GNATS. From: "Crist J. Clark" <cristjc@earthlink.net> To: Tim Burgess <tburgess@whitley.unimelb.edu.au> Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: kern/31130: ipfw tee functionality causes malfunction and security hole Date: Mon, 8 Oct 2001 03:20:15 -0700 On Mon, Oct 08, 2001 at 02:14:18AM -0700, Tim Burgess wrote: [snip] > >Description: > It looks to me like using the ipfw 'tee' function on incoming packets actually accepts the packets as destined for the localhost. Hence a rule such as: > > 600 tee 8665 ip from any to any in > > Means that anyone browsing the web on the subnet behind the gateway sees the gateway machine's webserver no matter which url they enter. www.hotmail.com/wi actually goes to www.whitley.unimelb.edu.au/wi ! I am not sure what you are saying here. The fact that the original packet is accepted is clearly documented in ipfw(8). Not ideal behavior, but documented behavior. As for this issue where you believe that you have redirected packets, what is listening on 8665/divert? Can we see a tcpdump(8) of this behavior? -- Crist J. Clark cjclark@alum.mit.edu cjclark@jhu.edu cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110081030.f98AU2R51796>