Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a

completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source.
2018-02-05 13:23:11 +00:00 · 2018-02-05 13:23:11 +00:00 · 12bc52f12f
commit 12bc52f12f
parent 755653626f
1 changed files with 4 additions and 4 deletions
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.365 2018/02/05 13:04:56 maxv Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.366 2018/02/05 13:23:11 maxv Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -91,7 +91,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.365 2018/02/05 13:04:56 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.366 2018/02/05 13:23:11 maxv Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@ -161,10 +161,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.365 2018/02/05 13:04:56 maxv Exp $");
 #define	IPSENDREDIRECTS	1
 #endif
 #ifndef IPFORWSRCRT
-#define	IPFORWSRCRT	1	/* forward source-routed packets */
+#define	IPFORWSRCRT	0	/* forward source-routed packets */
 #endif
 #ifndef IPALLOWSRCRT
-#define	IPALLOWSRCRT	1	/* allow source-routed packets */
+#define	IPALLOWSRCRT	0	/* allow source-routed packets */
 #endif
 #ifndef IPMTUDISC
 #define IPMTUDISC	1