Bug 17552 - default RH6.2 kernel (2.2.14) accepts source routed frames
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 6.2
Hardware: i386 Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Michael K. Johnson
Keywords: Security
Reported: 2000-09-15 20:30 UTC by jose nazario
Modified: 2008-05-01 15:37 UTC (History)
Last Closed: 2000-09-15 20:30:46 UTC
Description jose nazario 2000-09-15 20:30:44 UTC
the default redhat 6.2 kernel (tested on i386) accepts source routed frames. this is bad from a security standpoint because source routed frames are sometimes used by attackers to evade detection or hide their identity and location. the best practice is to drop source routed frames at the border (on the routers and firewalls) and the hosts as well.

the offending variables live in:
/proc/sys/net/ipv4/conf/eth0/accept_source_route
/proc/sys/net/ipv4/conf/default/accept_source_route

these values should be sysctl'd to 0 to drop source routed frames.
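
A check for the setting named in the description, as an added example that is not part of the original report or of any Red Hat script: it lists every interface whose `accept_source_route` is not 0 and can write 0 to each. The function names, the `audit`/`fix` arguments and the optional directory argument are assumptions made for illustration; the directory argument lets the functions run against a copy of the tree without root.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Default tree is the one the
# report names: /proc/sys/net/ipv4/conf/<iface>/accept_source_route

# list_source_route_enabled [ROOT]
# Prints one interface name per line for each ROOT/<iface>/accept_source_route
# whose value is not 0. Returns 0 when none are found, 1 otherwise.
list_source_route_enabled() {
    root=${1:-/proc/sys/net/ipv4/conf}
    found=0
    for f in "$root"/*/accept_source_route; do
        [ -r "$f" ] || continue      # glob did not match, or file unreadable
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            basename "$(dirname "$f")"
            found=1
        fi
    done
    return "$found"
}

# disable_source_route [ROOT]
# Writes 0 to every accept_source_route entry under ROOT, including
# "default", so interfaces created later inherit the setting.
# Needs root when ROOT is the live /proc tree.
disable_source_route() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for f in "$root"/*/accept_source_route; do
        [ -w "$f" ] || continue
        echo 0 > "$f"
    done
}

# Optional command-line use: "audit" reports, "fix" sets everything to 0.
case "${1:-}" in
    audit) list_source_route_enabled ;;
    fix)   disable_source_route ;;
esac
```

A write to `/proc` lasts only until reboot, so the same values also need to be set at boot, for example from the firewall or init scripts.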

Comment 1 Michael K. Johnson 2002-01-18 17:55:32 UTC
Agreed that firewall scripts should turn this off, but this isn't a
bug in the configuration.