Once upon a time, Stephen John Smoogen <smooge@xxxxxxxxx> said: > So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they > set to 1 versus 0 which the announcement says is kernel default and > sfe). However, they found ipv6 works without rp_filter so this is a > problem. Yeah, I didn't realize until recently that the Linux kernel only supports uRPF-style filtering on IPv4, not IPv6. That's not good IMHO. There is an iptables rpfilter extension, and I believe firewalld includes it on IPv6 by default, but firewalld isn't appropriate for all setups. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: VPN connections subject to hijack attack
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: VPN connections subject to hijack attack
- From: Chris Adams <linux@xxxxxxxxxxx>
- Date: Fri, 6 Dec 2019 09:59:29 -0600
- In-reply-to: <CANnLRdgHfYsyr8EXP6-YD4TO8fcxMWxKhq9Nhe8HfHK_FZTAaw@mail.gmail.com>
- Mail-followup-to: centos@xxxxxxxxxx
- References: <5D0E5EAB4C93D9E74E4C897E@172.27.17.193> <CANnLRdgHfYsyr8EXP6-YD4TO8fcxMWxKhq9Nhe8HfHK_FZTAaw@mail.gmail.com>
- User-agent: Mutt/1.5.21 (2010-09-15)
- References:
- Re: VPN connections subject to hijack attack
- From: Stephen John Smoogen
- Re: VPN connections subject to hijack attack
- Prev by Date: Re: VPN connections subject to hijack attack
- Next by Date: Re: Virtual problem
- Previous by thread: Re: VPN connections subject to hijack attack
- Next by thread: Virtual problem
- Index(es):
 |