Re: Problem: RFC1166 addressing

Gerhard Mack (gmack@innerfire.net)
Mon, 16 Sep 2002 13:25:54 -0400 (EDT)


On Mon, 16 Sep 2002 tomc@teamics.com wrote:

> Date: Mon, 16 Sep 2002 11:50:36 -0500
> From: tomc@teamics.com
> To: linux-kernel@vger.kernel.org
> Subject: Problem: RFC1166 addressing
>
> RFC 1166 states that:
>
>
> The class A network number 127 is assigned the "loopback"
> function, that is, a datagram sent by a higher level protocol
> to a network 127 address should loop back inside the host. No
> datagram "sent" to a network 127 address should ever appear on
> any network anywhere.
>
> Linux does not enforce this. I have uncovered some users using this
> function to attempt to circumvent the firewall. I am able to "create" 127
> network traffic as follows:
>
> Machine 1: ifconfig eth0:1 127.1.2.3 [ running kernel 2.2.14 ]
>
> Machine 2: ifconfig eth0:1 127.1.2.4 [ running kernel 2.4.19 ]
>
> Machine 2: ping 127.1.2.3
>
> Packets move between the hosts. Also seems to work on Macintosh.

I would call that a bug in the firewall rules. Depending on the hosts to
behave in such a way as to make life easier for the firewall makes for a
losing proposition.

Gerhard

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/