Re: Network Security hole (was -> Re: arp bug )

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sat, 2 Mar 2002 19:14:55 +0000 (GMT)


> Let's say you have a firewall running Linux. Oops, I can spoof the
> external interface to accept traffic as if it's the internal one.

ARP is irrelevant to security. You don't need the ARP layer to do any
attacks or routing at all. There are a million ways to get the mac
address of a box.

> I.e. the machine still may be accepting traffic destined for one
> interface on another, even though it won't *advertise* that fact
> any more.

Its supposed to accept any packet for that system. Thats correct behaviour
for the system.

Thats why you can have firewall rules. You'll find the standard Red Hat firewall
config tool sets up interface based rule sets. In fact in general rules should be
interface not address based.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/