VPN connections subject to hijack attack




<https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/>

This affects all VPNs and is a consequence of using "loose" reverse path filtering for anti-spoofing. The default CentOS setting is strict filtering but you may have changed this to loose for some unusual routing situations. Check that the value of /proc/sys/net/ipv4/conf/all/rp_filter is still set to 1. If it's set to 2 (loose filtering), you're vulnerable.

Technical details:

<https://seclists.org/oss-sec/2019/q4/122>

According to the report, systemd changed the default to 2 in November 2018 so many distros are vulnerable.

Here's Red Hat's explanation of why you might want to use a value of 2. "When RHEL has multiple IPs configured, only one is reachable from a remote network. Or why does RHEL ignore packets when the route for outbound traffic differs from the route of incoming traffic?"

<https://access.redhat.com/solutions/53031>

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
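As an added example (not part of the original post or of any distribution's tooling), a POSIX shell audit that extends the check above to every interface: the kernel applies the larger of conf/all/rp_filter and conf/<iface>/rp_filter, so an interface left at 2 stays loosely filtered even when "all" is 1. The sample conf tree it builds is constructed for the demo; on a live host call rp_audit with no argument.

```shell
# The kernel uses max(conf/all/rp_filter, conf/<iface>/rp_filter) when
# validating a source address on <iface>: 0 = off, 1 = strict, 2 = loose.

rp_effective() {
    # $1 = conf/all value, $2 = conf/<iface> value; prints the effective mode
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

rp_verdict() {
    # Maps an effective rp_filter value to the word used in the report
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;       # the setting the advisory calls out
        *) echo unknown ;;
    esac
}

rp_audit() {
    # $1 = sysctl conf tree (default: the live kernel tree). Prints one line
    # per interface and returns 1 if any interface is not strictly filtered.
    base=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$base/all/rp_filter")
    rc=0
    for f in "$base"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac   # not real interfaces
        own=$(cat "$f")
        eff=$(rp_effective "$all" "$own")
        printf '%-10s all=%s iface=%s effective=%s (%s)\n' \
            "$iface" "$all" "$own" "$eff" "$(rp_verdict "$eff")"
        [ "$eff" -eq 1 ] || rc=1
    done
    return $rc
}

rp_demo_tree() {
    # Constructed copy of the conf layout: "all" is strict, but the tunnel
    # interface was left loose, which the audit must still flag.
    d=$(mktemp -d)
    for i in all default eth0 tun0; do mkdir -p "$d/$i"; done
    echo 1 > "$d/all/rp_filter"; echo 1 > "$d/default/rp_filter"
    echo 1 > "$d/eth0/rp_filter"; echo 2 > "$d/tun0/rp_filter"
    echo "$d"
}

# Demonstration against the constructed tree (rc 1 because tun0 is loose)
demo=$(rp_demo_tree)
if rp_audit "$demo"; then echo "all interfaces strict"; else echo "loose filtering found"; fi
rm -rf "$demo"
```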


