Re: Worldnet.att.net via Linux PPP Connection
On Fri, 13 Sep 1996, Bruce Perens wrote:
> I'd like to hear a good explanation of what the security problem is,
> and why anyone would want to use source routes.
The security problem? Basically, if you've got source routing enabled, I
can send bad IP packets to your machine and they'll get there. By 'bad' I
mean, say, packets with a wrong 'Source IP' field.
This can be used to get packets from 'outside' through a firewall and make
the packets look like they came from 'inside' to the destination machine,
And of course, this is kinda 'helpful' to crack services (eg rsh, etc.)
that put trust into specific IP numbers.
I don't know it that was very clear, but at least it was some kind of an
explanation. Please keep 'Drop source routed frames' enabled in the Debian