Re: route (is it forwarding packets?) (sorry if duplicate).

On Wed, 2004-08-25 at 10:04, Mike Klinke wrote:
> On Wednesday 25 August 2004 08:39, Scot L. Harris wrote:
>  
> > That route is part of the zero configuration project.  You can
> > get rid of this by adding the line:
>  
> >
> > Now why anyone would want this I don't know.  And why it mucks up
> > the routing tables when you do have networking configured I don't
> > know. Personally it looks like a huge security hole that will
> > explode when enough systems have been infected with this stuff.
> >
> > 
> 
> Like you, I have wondered at the reasoning behind setting this route 
> even if you have another valid, working route/interface.  Windows 
> 98 was the first OS I saw this on and I was surprised when RH9 came 
> out with it.  Windows boxen, however, don't enable it if an 
> otherwise valid route/interface is discovered and I don't know if 
> Mac still enables it or not. I'm not sure it's any more exploitable 
> than a valid IP address but it sure was unexpected and the first 
> thing I do is disable it after configuring a new system.  
> 
> Regards, Mike Klinke

I don't know that this could be exploited some way, just being
paranoid.  :)

The first time I saw it I went on a hunt checking for rootkits and
tunnels.  I still don't understand why this is even included.  I have
yet to hear of a system starting up with no information and
automatically get network connectivity.  Other than generating a lot of
questions by inquisitive people I can not find a benefit in this
"service".  

Like you I shut off this at the first opportunity.  I have not tried it
but I guess someone that connects to your network might be able to get a
response to a system that left this enabled.  I may have to test that
theory.  As such it could be a path that might be exploited for someone
that could hide their packets if your IDS tools are not looking at those
addresses.  Of course most people just sniff the network and use the
assigned subnet to search out all the systems and attempt their
exploits.   

This is something that really should be disabled by default IMHO if not
dropped from the code base entirely.  

-- 
Scot L. Harris <webid@xxxxxxxxxx>
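
An added example, not part of either poster's message: one way to audit a Linux host for the zero-configuration route discussed in this thread is to look for an active route inside the IPv4 link-local range 169.254.0.0/16 in the kernel routing table. It assumes the `/proc/net/route` layout on a little-endian host such as x86; the sample table is constructed, and the function names are hypothetical.

```python
import ipaddress
import os
import struct

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local (RFC 3927)
RTF_UP = 0x0001  # kernel flag: route is usable

# Constructed sample in /proc/net/route layout (hex fields, little-endian host).
SAMPLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t0000FEA9\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
)


def hex_to_ip(field):
    """Decode one hex field; assumes a little-endian host such as x86."""
    return ipaddress.IPv4Address(struct.pack("<I", int(field, 16)))


def link_local_routes(route_text):
    """Return (iface, network) for each active route inside 169.254.0.0/16."""
    hits = []
    for line in route_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, flags, mask = fields[0], fields[1], fields[3], fields[7]
        if not int(flags, 16) & RTF_UP:
            continue  # route present but not up
        net = ipaddress.ip_network(f"{hex_to_ip(dest)}/{hex_to_ip(mask)}", strict=False)
        if net.subnet_of(LINK_LOCAL):  # excludes the 0.0.0.0/0 default route
            hits.append((iface, str(net)))
    return hits


if __name__ == "__main__":
    path = "/proc/net/route"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE  # fall back to the constructed table
    for iface, net in link_local_routes(text):
        print(f"link-local route {net} present on {iface}")
```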


