From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 06:24:13 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 222E7B3F; Mon, 6 Oct 2014 06:24:13 +0000 (UTC) Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2AA35619; Mon, 6 Oct 2014 06:24:12 +0000 (UTC) Received: by mail-wg0-f47.google.com with SMTP id x13so5609947wgg.6 for ; Sun, 05 Oct 2014 23:24:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=/YA8yMSP4Int3LA7Kn2SwulM0Qmj45lf4vgFaMkbEaU=; b=d59a83fy9RO7xCC4SpKZtp+4a8GYOg2g9CSr/z4X8XMYFt7NXLPDXhuwaL38LMAwNa upqrBUgKP9ryHJut3UftKmDjiVBCMAyCS83nSqz6po2PnEXuP2EW4TNCW4N8dYW6PCbU 7rRGgqFjklb21fZ+0KrcyTO80MlNDSFy9FVakHjCyCF7IXvOCHPc5J+NF5CzwQT5fiaF ltz3JzsvED6rv2LndyGkq1IfVNR6Attyj6ouXE/92tptoL6wd2h+3eF8K15gnmhInCi5 E8Mz6UXOC6wDbN0NHb3afyeyI4EBFpa2jWzfJoVzgeGkrwRMgyJa4Z4ihGjGlYIThvP4 ikKg== MIME-Version: 1.0 X-Received: by 10.194.157.230 with SMTP id wp6mr27408459wjb.15.1412576650395; Sun, 05 Oct 2014 23:24:10 -0700 (PDT) Sender: adrian.chadd@gmail.com Received: by 10.216.106.136 with HTTP; Sun, 5 Oct 2014 23:24:10 -0700 (PDT) In-Reply-To: References: Date: Sun, 5 Oct 2014 23:24:10 -0700 X-Google-Sender-Auth: XuPU46rKcwBzVUM0gswP46xnHTU Message-ID: Subject: Re: remote host accepts loose source routed IP packets From: Adrian Chadd To: el kalin Content-Type: text/plain; charset=UTF-8 X-Mailman-Approved-At: Mon, 06 Oct 2014 11:17:15 +0000 Cc: freebsd-security@freebsd.org, freebsd-net , Colin Percival , Brandon Vincent X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2014 06:24:13 -0000 Hi, I'm just going off what I saw in the code. Maybe the code changed and the bug was introduced. I suggest: (a) use ipfw to filter them for now; and (b) file a PR (https://bugs.freebsd.org/submit/) so it's not forgotten. Thanks! -a