Hi,
On 3/16/19 18:51, Grant Taylor wrote:
On 3/16/19 11:40 AM, Erik Auerswald wrote:
[...]
As I type this, I wonder if there might be any problems related to uRPF
/sending/ the BFD-EM packet. I think it's going to need to be sent in
such a way as to bypass the local routing stack.
But that's on a system that I control and I have options to overcome any
local limitations. }:-)
Yeah, one needs to send a packet destined to the same machine out an
interface. That might need some trickery.
I remember some related trickery from a Project Zero blog post:
googleprojectzero.blogspot.de/2015/12/fireeye-exploitation-project-zeros.html
A BFD daemon using RAW sockets (neither UDP nor TCP) might not need
something like the above, similar to ping -I <Iface> -r <TargetIP>.
Thanks,
Erik
