Great Circle Associates Firewalls
(March 1994)
 


Subject: Re: IP_FORWARDING
From: lacoursj @ uprc . com (Jeffrey D. LaCoursiere)
Date: Mon, 7 Mar 1994 07:30:21 +0600
To: firewalls @ greatcircle . com

>  
> > Wanted to test the results of turning on/off IP_FORWARDING in a Sun
> > 4.1.3.U1 kernel.  First of all, I haven't yet found the blurb about
> > where you make this change.  Have been browsing around in /sys/net and
> > looked through route.h, but couldn't find a mention of ipforwarding.
> > If anyone knows this off the top of their head, it would save me digging
> > through much piled paper.
> 
> The file that ip_forwarding is declared in is /sys/netinet/ip_proto.c.
> Note: unless 4.1.3.U1 has changed from 4.1.3, turning off ip forwarding
> *does not* turn off source routing.  If you have full sources you need
> to modify /sys/netinet/ip_input.c or get a patch from Sun to disable
> source routes.  The default Sun configuration makes it trivial for someone
> who has a modern telnet (like BSD 4.4 or NeXT's) to telnet through your
> firewall and into your internal network.
> 
> --mark
> 

Hmmm. This is distressing!  How does one protect against this kind of 
attack without the luxury of source access??  Could someone with source 
access (or maybe a couple people, so I can compare checksums :-> ) compile
that particular object file and mail it to me (or would that be against
the source license?).

Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX
