Re: Resolved: locking oneself out, unroutable addresses
Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
> Daniel Pittman wrote:
>>>>>
>>>>>>So, can anyone suggest what I should do with packets that have a
>>>>>>source address of 0.0.0.0?
>>>>>
>>>>>Junk them -- they have no real business on your network, as 0.0.0.0
>>>>>isn't a valid assigned address on the live Internet.
>>>>
>>>> Except at least when you use DHCP on your network. DHCP clients use
>>>> 0.0.0.0 as a source address when issuing DHCP requests until they
>>>> get a regular address from the server.
>> Heh. That won't help: you can't assign 0.0.0.0 to an interface in Linux,
>> so the DHCP client uses a "packet socket" -- reading direct from the
>> interface, bypassing the firewall.
>
> That sounds consistent. But what about the DHCP server side?
It made the ISC DHCP developers very unhappy when it changed within
Linux, and I believe that the same is required on the server side
because you cannot assign 0.0.0.0 as a valid source address there
either.
Daniel
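
Added example, not part of the thread: a sketch of how a capture tool or filter that does see raw IPv4 packets could separate a DHCP client broadcast from other traffic with a 0.0.0.0 source. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"  # cookie that follows the 236-byte BOOTP header


def classify_zero_source(packet: bytes) -> str:
    """Return 'not-zero-source', 'dhcp-client' or 'junk' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "junk"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        return "junk"
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    if src != b"\x00\x00\x00\x00":
        return "not-zero-source"
    # A client without an address can only broadcast, over UDP, from 68 to 67.
    if proto != 17 or dst != b"\xff\xff\xff\xff":
        return "junk"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if (sport, dport) != (68, 67):
        return "junk"
    bootp = packet[ihl + 8:]
    # op == 1 is BOOTREQUEST; the cookie marks the payload as DHCP.
    if len(bootp) < 240 or bootp[0] != 1 or bootp[236:240] != DHCP_MAGIC:
        return "junk"
    return "dhcp-client"


def build_packet(src, dst, sport, dport, payload, proto=17):
    """Build a constructed IPv4/UDP test packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp


# Constructed samples: a minimal DHCPDISCOVER and two non-DHCP packets.
DISCOVER = bytes([1, 1, 6, 0]) + bytes(232) + DHCP_MAGIC + bytes([53, 1, 1, 255])
SAMPLES = {
    "discover": build_packet("0.0.0.0", "255.255.255.255", 68, 67, DISCOVER),
    "spoofed": build_packet("0.0.0.0", "192.0.2.10", 40000, 80, b"x"),
    "normal": build_packet("192.0.2.5", "192.0.2.10", 40000, 80, b"x"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_zero_source(pkt))
```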