lists.openwall.net - Open Source and information security mailing list archives
From: NetExpress at tiscali.it (NetExpress)
Subject: Linux problem, theft of IP and traffic redirection could bypass a firewall

Hi,

I am wondering why Linux does not recognize when someone steals its IP; this could be a serious security problem. In fact Linux, unlike Windows, FreeBSD and other operating systems, does not send a gratuitous ARP when it boots or brings up a virtual IP on an interface, but only asks for the gateway's ARP and then answers the queries for its IP. Because of this, if I have a gateway with IP IPA and set up a desktop/server on the LAN with the same IP IPA, when it starts it will be the new gateway for the whole network.

But try this:

- Suppose the gateway is in high availability: it will have a physical IP and a logical IP, and the logical one is known to the hosts of the LAN as the default gateway.
- Suppose you set up a server/desktop with a virtual IP eth0:1 carrying the logical IP of the real gateway, send a broadcast ARP, set ip_forward=1, and route all the traffic to the physical IP of the original gateway.
- Now there is a new gateway for all hosts on the net, and the real gateway will trust (with the trust it has in my server) the traffic that I forward to it, because it comes from a trusted real IP. With this I have created a bypass of the firewall!!! This is not good! I could see all the traffic, perform a man in the middle, see the database data, userid and password, and so on.

But the worst is that if it happens on a DMZ I could create a big DoS, without anyone thinking the gateway IP has been stolen by someone else!

If Linux would send a gratuitous ARP when it brings up an IP, real or virtual, this problem would not be possible, because it could not bind an IP that is already present on the net.

Alessandro Fiorenzi aka NetExpress
fiorenzi@...cali.it
http://web.tiscali.it/Fiorenzi
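An added example, not part of the original message, of the defensive side of this: a small arpwatch-style monitor that decodes raw Ethernet/ARP frames and alerts when a protected IP (such as the gateway's logical IP) is suddenly announced by a different MAC, whether through a gratuitous ARP or an ordinary request/reply. It assumes the frames come from a packet capture on the LAN (not shown); the MACs, addresses and frames below are constructed test data.

```python
import struct
from typing import Dict, List, NamedTuple, Optional


class Arp(NamedTuple):
    op: int            # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_ip: str


def parse_arp(frame: bytes) -> Optional[Arp]:
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = lambda raw: ".".join(str(b) for b in raw)
    return Arp(op, mac, ip(frame[28:32]), ip(frame[38:42]))


def build_arp(op: int, sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Build a constructed sample frame for offline testing only (nothing is sent)."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (b"\xff" * 6 + sender_mac + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sender_mac + ip(sender_ip) + b"\x00" * 6 + ip(target_ip))


class ArpWatcher:
    """Alert when an IP already bound to one MAC is announced by another MAC."""

    def __init__(self, known: Dict[str, str]):
        self.table = dict(known)        # ip -> mac; seed with the real gateway
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        a = parse_arp(frame)
        if a is None:
            return None                 # not ARP, ignore
        seen = self.table.get(a.sender_ip)
        if seen is None:
            self.table[a.sender_ip] = a.sender_mac   # first sighting: learn it
            return None
        if seen != a.sender_mac:
            kind = "gratuitous " if a.sender_ip == a.target_ip else ""
            msg = f"{a.sender_ip} now claimed by {a.sender_mac} (was {seen}) via {kind}ARP op={a.op}"
            self.alerts.append(msg)
            return msg
        return None
```

Seeding the table with the gateway's expected MAC is what turns the duplicate-IP case the message describes into an immediate alert instead of a silent relearn.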