> > Wanted to test the results of turning on/off IP_FORWARDING in a Sun
> > 4.1.3.U1 kernel. First of all, I haven't yet found the blurb about
> > where you make this change. Have been browsing around in /sys/net and
> > looked through route.h, but couldn't find a mention of ipforwarding.
> > If anyone knows this off the top of their head, it would save me digging
> > through much piled paper.
> The file that ip_forwarding is declared in is /sys/netinet/ip_proto.c.
> Note: unless 4.1.3.U1 has changed from 4.1.3, turning off ip forwarding
> *does not* turn off source routing. If you have full sources you need
> to modify /sys/netinet/ip_input.c or get a patch from Sun to disable
> source routes. The default Sun configuration makes it trival for someone
> who has a modern telnet (like BSD 4.4 or NeXT's) to telnet through you
> firewall and into your internal network.
Hmmm. This is distressing! How does one protect against this kind of
attack without the luxury of source access?? Could someone with source
access (or maybe a couple people, so I can compare checksums :-> ) compile
that particular object file and mail it to me (or would that be against
the source license?).
Ft. Worth, TX