[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Loopback and multi-homed routing flaw in TCP/IP stack.

Subject: Re: Loopback and multi-homed routing flaw in TCP/IP stack.
From: "J. Bol" <j.bol@ITSEC.NL>
Date: Tue, 6 Mar 2001 11:04:11 +0100
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Organization: ITsec Nederland B.V.
References: <3AA3ECAB.EA826D28@thebunker.net> <Pine.LNX.4.10.10103051704230.25424-100000@kyle> <20010305195042.A12028@madduck.net>
Reply-To: "J. Bol" <j.bol@ITSEC.NL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>

> 2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
> don't even have a localhost routing entry anymore.

We've been testing with a kernel 2.2.16 victim, which is standard with
RH7.0 and an attacker with kernel 2.0.34. I can see packets comming in
from the attacker, but the kernel does not respond to these.

We also set up an attacker with kernel 2.2.16 and tried the same attack.
No packets arrive on the victim.

jeroen & christian

S/MIME Cryptographic Signature

References:
- Loopback and multi-homed routing flaw in TCP/IP stack.
  - From: Woody <woody@THEBUNKER.NET>
- Re: Loopback and multi-homed routing flaw in TCP/IP stack.
  - From: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
- Re: Loopback and multi-homed routing flaw in TCP/IP stack.
  - From: MaD dUCK <madduck@MADDUCK.NET>

Prev by Date: Re: Loopback and multi-homed routing flaw in TCP/IP stack.
Next by Date: Warftp 1.67b04 Directory Traversal
Prev by thread: Re: Loopback and multi-homed routing flaw in TCP/IP stack.
Next by thread: Re: Loopback and multi-homed routing flaw in TCP/IP stack.
Index(es):
- Date
- Thread