Re: secure installation

To: debian-security@lists.debian.org
Subject: Re: secure installation
From: paddy@panici.net
Date: Thu, 16 Aug 2007 12:06:58 +0000
Message-id: <[🔎] 20070816120658.GA17622@localhost.localdomain>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] e2e2e5500708160459l41c8ad02jbfc1dc46725ceed7@mail.gmail.com>
References: <[🔎] 2e4e9dbd0708151223q2f88f8e1m7689fb2912ca16fd@mail.gmail.com> <[🔎] 46C3726B.8040508@st-andrews.ac.uk> <[🔎] 2e4e9dbd0708152047kbd810f7o41f2f31e481d07e1@mail.gmail.com> <[🔎] 20070816112005.GA17851@localhost.localdomain> <[🔎] e2e2e5500708160459l41c8ad02jbfc1dc46725ceed7@mail.gmail.com>

On Thu, Aug 16, 2007 at 01:59:03PM +0200, Izak Burger wrote:
> On 8/16/07, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> > And if there is no firewall (or other
> > hand-crafted protective measures), then there is no need for
> > rp_filter. So on common workstation there is no need for
> > rp_filter too.
> 
> I also don't see why you need rp_filter on a workstation.  A
> workstation generally has a single default gateway that routes
> incoming and outgoing traffic.  Since the netmask is 0.0.0.0,
> absolutely any packet is allowed to come from there, so enabling
> rp_filter would do absolutely nothing.

does it not cover the case of packets arriving at eth0 spoofed as
from 127.0.0.1 ?

what would be a easy way to test that ?

Regards,
Paddy

Reply to:

Follow-Ups:
- Re: secure installation
  - From: "Izak Burger" <isburger@gmail.com>

References:
- secure installation
  - From: Pat <paparsoss@gmail.com>
- Re: secure installation
  - From: Ian McDonald <iam@st-andrews.ac.uk>
- Re: secure installation
  - From: Pat <paparsoss@gmail.com>
- Re: secure installation
  - From: Ondrej Zajicek <santiago@crfreenet.org>
- Re: secure installation
  - From: "Izak Burger" <isburger@gmail.com>

Prev by Date: Re: secure installation
Next by Date: RE: secure installation
Previous by thread: Re: secure installation
Next by thread: Re: secure installation
Index(es):
- Date
- Thread