Re: Resolved: locking oneself out, unroutable addresses
gcrimp@vcn.bc.ca writes:
> On Sat, Jan 28, 2006 at 01:16:17PM +0100, Pascal Hambourg wrote:
>> Hello,
>>
>> Daniel Pittman wrote:
>> > gcrimp@vcn.bc.ca writes:
>> >>
>> >>So, can anyone suggest what I should do with packets that have a
>> >>source address of 0.0.0.0?
>> >
>> > Junk them -- they have no real business on your network, as 0.0.0.0
>> > isn't a valid assigned address on the live Internet.
>>
>> Except at least when you use DHCP on your network. DHCP clients use
>> 0.0.0.0 as a source address when issuing DHCP requests until they get a
>> regular address from the server.
>
> Ah! Thanks.
Heh. That won't help: you can't assign 0.0.0.0 to an interface in Linux,
so the DHCP client uses a "packet socket" -- reading direct from the
interface, bypassing the firewall.
Not that it isn't vaguely cleaner not to block it on that basis.
Daniel
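
An added example, not part of the original message or thread: the distinction discussed above between DHCP client broadcasts sent from 0.0.0.0 (UDP port 68 to port 67, destination 255.255.255.255, per RFC 2131) and any other packet claiming 0.0.0.0 as its source, written as a classifier over raw IPv4 bytes. The function names and sample packets are constructed for illustration.

```python
import socket
import struct

UDP = 17  # IPv4 protocol number for UDP

def build_ipv4_udp(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4+UDP packet (constructed sample; checksums left as 0)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + udp_len,   # version/IHL, TOS, total length
                     0, 0,                    # identification, flags/fragment
                     64, UDP, 0,              # TTL, protocol, header checksum
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def classify_zero_source(packet):
    """Return 'not-zero-source', 'dhcp-client' or 'drop' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                         # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if src != "0.0.0.0":
        return "not-zero-source"              # outside the scope of this check
    if packet[9] != UDP or len(packet) < ihl + 8:
        return "drop"                         # 0.0.0.0 source, but not UDP
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    # A DHCP client without an address: port 68 -> 67, limited broadcast.
    if sport == 68 and dport == 67 and dst == "255.255.255.255":
        return "dhcp-client"
    return "drop"                             # any other use of 0.0.0.0 is junk

if __name__ == "__main__":
    samples = {
        "DHCP discover": build_ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67),
        "bogus unicast": build_ipv4_udp("0.0.0.0", "192.0.2.10", 4000, 22),
        "normal host":   build_ipv4_udp("192.0.2.5", "192.0.2.10", 4000, 22),
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify_zero_source(pkt)}")
```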