Bug 17552 - default RH6.2 kernel (2.2.14) accepts source routed frames
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Michael K. Johnson
Reported: 2000-09-15 20:30 UTC by jose nazario
Modified: 2008-05-01 15:37 UTC (History)

Last Closed: 2000-09-15 20:30:46 UTC

Description jose nazario 2000-09-15 20:30:44 UTC
the default redhat 6.2 kernel (tested on i386) accepts source routed frames. this is bad from a security standpoint because source routed frames are sometimes used by attackers to evade detection or hide their identity and location. the best practice is to drop source routed frames at the border (on the routers and firewalls) and the hosts as well.

the offending variables live in:
/proc/sys/net/ipv4/conf/eth0/accept_source_route
/proc/sys/net/ipv4/conf/default/accept_source_route

these values should be sysctl'd to 0 to drop source routed frames.

Comment 1 Michael K. Johnson 2002-01-18 17:55:32 UTC
Agreed that firewall scripts should turn this off, but this isn't a
bug in the configuration.
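
Added example, not part of the original bug report or its comments: a shell check that reads the `accept_source_route` entries named in the description for every interface and can set them to 0. The function names and the optional root-directory argument are assumptions introduced here so the check can also run against a test tree.

```shell
#!/bin/sh
# Audit and disable accept_source_route under /proc/sys/net/ipv4/conf.
# The optional first argument (an alternate root directory) is an assumption
# of this example; by default the live /proc tree is used.

# Print "<interface> <value>" for every entry that is not 0.
# Returns 0 if all entries are 0, 1 if any entry is non-zero,
# 2 if no entry could be read at all.
audit_source_route() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    seen=0
    bad=0
    for f in "$conf_root"/*/accept_source_route; do
        # An unmatched glob stays literal and is skipped here.
        [ -r "$f" ] || continue
        seen=1
        val=$(cat "$f")
        iface=$(basename "$(dirname "$f")")
        if [ "$val" != "0" ]; then
            echo "$iface $val"
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$bad"
}

# Write 0 to every writable entry (needs root on a live system).
# This changes the running kernel only; it does not survive a reboot.
disable_source_route() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$conf_root"/*/accept_source_route; do
        [ -w "$f" ] || continue
        echo 0 > "$f"
    done
}

# Audit the live system only when explicitly asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_source_route
fi
```

Because the `default` entry seeds interfaces created later, it is audited along with `eth0` and the others; for a setting that persists across reboots, put the equivalent keys in the system's sysctl configuration.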
