Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: NetBSD telnet has source routing abilities by default?
From: Justin Mason <jmason @ class>
Date: Mon, 08 Aug 1994 12:27:30 +0100
To: Tim Newsham <newsham @ uhunix . uhcc . hawaii . edu>
Cc: firewalls @ greatcircle . com
In-reply-to: <94Aug4 . 084712hst . 184416 @ uhunix . uhcc . Hawaii . Edu>

In your message of Thu, 04 Aug 1994 08:47:07 BST, you say:

>> This strikes me as being a bit on the scary side. Do we really want all the
>> users of NetBSD telnet to have the ability to source route without so much
>> as a recompile?
>What is the big threat in a source-routed telnet?  
>It is quite easy to write source routed apps for BSD based systems
>so even if telnet didn't support source-routing it could easily be
>added.  At least NetBSD's rlogind will drop all connections that
>are using source routing which is better than I can say for most
>rlogind's.

By the way, wzv's TCP wrapper will drop source routed packets by
default (i.e., if KILL_IP_OPTIONS is defined).

Other daemon writers should snarf the relevant code, imho;
it's only 10 lines or so.

--j.
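
[Added example, not part of the original message and not the TCP wrapper's own code: one way a daemon can refuse a connection that arrived with a source-route option, by reading the socket's IP options and looking for LSRR or SSRR. The function names and the `skip` parameter are hypothetical; `skip` is an assumption covering stacks that return a first-hop address ahead of the option bytes, so verify it on the target platform.]

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define OPT_EOL  0x00   /* end of option list */
#define OPT_NOP  0x01   /* one-byte padding */
#define OPT_LSRR 0x83   /* loose source and record route */
#define OPT_SSRR 0x89   /* strict source and record route */

/* Walk a raw IPv4 options area. Returns 1 if a source-route option is
 * present, -1 if the option list is malformed, 0 otherwise. */
int has_source_route(const unsigned char *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char type = opts[i];
        if (type == OPT_EOL)
            return 0;
        if (type == OPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)
            return -1;              /* type byte with no length byte */
        unsigned char olen = opts[i + 1];
        if (olen < 2 || i + olen > len)
            return -1;              /* length underruns or overruns */
        if (type == OPT_LSRR || type == OPT_SSRR)
            return 1;
        i += olen;
    }
    return 0;
}

/* Returns 0 if the connection may proceed, -1 if it should be dropped.
 * Fails closed: an unreadable or malformed option list is refused. */
int check_connection(int fd, size_t skip)
{
    unsigned char buf[64];          /* IPv4 options are at most 40 bytes */
    socklen_t n = sizeof buf;
    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, buf, &n) < 0)
        return -1;
    if (n <= skip)
        return 0;                   /* no options on this connection */
    return has_source_route(buf + skip, n - skip) == 0 ? 0 : -1;
}
```

A daemon would call `check_connection()` on the accepted socket before reading any data and close the socket on a non-zero result.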

