From owner-freebsd-net@FreeBSD.ORG  Sun Oct  5 22:24:25 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3A2BC1DD
 for <freebsd-net@freebsd.org>; Sun,  5 Oct 2014 22:24:25 +0000 (UTC)
Received: from mail-qg0-f41.google.com (mail-qg0-f41.google.com
 [209.85.192.41])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E8F01365
 for <freebsd-net@freebsd.org>; Sun,  5 Oct 2014 22:24:24 +0000 (UTC)
Received: by mail-qg0-f41.google.com with SMTP id f51so3053383qge.14
 for <freebsd-net@freebsd.org>; Sun, 05 Oct 2014 15:24:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type
 :content-transfer-encoding;
 bh=eEDz4giwue9VhfcVCvqrYJI1pvhseDvTLztlrb2APzs=;
 b=hzqj9/S1E8UctWYL4fLpgYvy6QVpbko8FjLEcvz7IYOkNOkfhzPtjDbqeHJ46Xp86+
 GBkuu6yAcubHFuObYkmPmqTV7t0h2hte2jsYZt/RBbcd69Ld9G+0N7wsIfKCMsR17qv0
 SkThpZWi1xahtpkUl/9ab952siLf54K6wixjMNjt4fABYFPe4GUiaatdr8Wam97/QtTX
 gwThYTXpitQ8+Vr1G77xBGaI+BSMURU+3BmghyLR8R52IHG2yV/paeoxLg3n4JTzqDw2
 GZ08xQvqHyb+O9p7BMGRwwqFZ8JxMgD9Hg6RipscPJIfaaB34TnBzpZvB7rih1JWhk62
 8K2w==
X-Gm-Message-State: ALoCoQl/p/GyWm2daqgZPRmr8ne3A7zg4ZA3pMkKRkY3JsNMFlg0PQ2/uOBf9tYqd4SMIWuSPOvo
MIME-Version: 1.0
X-Received: by 10.140.32.36 with SMTP id g33mr22560779qgg.57.1412547857924;
 Sun, 05 Oct 2014 15:24:17 -0700 (PDT)
Received: by 10.140.95.193 with HTTP; Sun, 5 Oct 2014 15:24:17 -0700 (PDT)
In-Reply-To: <CAJ-VmonFr4eAWqS0tngV-M7m_aUHv+9qOVny3o5Xt0CyuxwJ8w@mail.gmail.com>
References: <CAMJXoc=s=Ud52NJ0dbK-6qKEcszbni4bi1MA8mgRtQSo=2Uuyw@mail.gmail.com>
 <CAMJXoc=5gs17ZgQ7LYALwKFRPN5hQ38OOuBtDk=EjZzi82EFMA@mail.gmail.com>
 <CAMJXockiQ+0gFbxSY43OyMbNqTjdzR1i16w+yiqmm=cQ8HR=pQ@mail.gmail.com>
 <CAJm423-mFg+zU_RB+kp8wmp-V31onJJV0K4FUOLcv+czAOCKXA@mail.gmail.com>
 <CAMJXock7iYsh+MXMcxZjaTNg6cgm7g+Ha4=ZQJqLq0DtzK5BWQ@mail.gmail.com>
 <CAMJXocm=2D_F8uN1JCKjMTdQvkRhWv9Owd8=UMhYOpKK=drSHw@mail.gmail.com>
 <CAMJXocnJRGSr+Ly2dEnwZweg1hCN6LxtHBtjE=OEed_qoeShrA@mail.gmail.com>
 <CAJ-VmonFr4eAWqS0tngV-M7m_aUHv+9qOVny3o5Xt0CyuxwJ8w@mail.gmail.com>
Date: Sun, 5 Oct 2014 15:24:17 -0700
Message-ID: <CAJm4238LSs5L+mtrbvepC3Hi7EvpWvJwmUTFt7j0X3rmavsdtg@mail.gmail.com>
Subject: Re: remote host accepts loose source routed IP packets
From: Brandon Vincent <Brandon.Vincent@asu.edu>
To: Adrian Chadd <adrian@freebsd.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-net <freebsd-net@freebsd.org>, el kalin <kalin@el.net>,
 freebsd-users@freebsd.org, Colin Percival <cperciva@freebsd.org>,
 freebsd-security@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Oct 2014 22:24:25 -0000

On Sun, Oct 5, 2014 at 2:39 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> All accept_sourceroute does is prevent the stack from forwarding
> source routed packets. If it's destined locally then it's still
> accepted.

Out of curiosity, isn't "net.inet.ip.accept_sourceroute" supposed to
reject incoming source routed packets?

On 5 October 2014 13:22, el kalin <kalin@el.net> wrote:
> hmmm=E2=80=A6  could it be openvas?!

OpenVAS is a fork of Nessus from when it was open source.
HackerGuardian seems to use Nessus as the chief scanning engine.

Brandon Vincent