Source routed IP packets.


 



Hi,
Every time I run the Nessus remote security scanner over my IPTables firewall 
I get the following warning:
[...]
Warning found on port general/tcp

      The remote host accepts loose source routed IP packets.
      The feature was designed for testing purpose.
      An attacker may use it to circumvent poorly designed IP filtering
      and exploit another flaw. However, it is not dangerous by itself.

      Solution : drop source routed packets on this host or on other ingress
      routers or firewalls.

Risk factor : Low
[...]

But the accept_source_route flag for all firewall interfaces is disabled:
# cat /proc/sys/net/ipv4/conf/eth0/accept_source_route
# 0
# cat /proc/sys/net/ipv4/conf/eth1/accept_source_route
# 0
# cat /proc/sys/net/ipv4/conf/eth2/accept_source_route
# 0

Then why do I get this warning in the Nessus report?
How may I solve it?

Greetings
---
Carles Xavier Munyoz Baldó
carles@xxxxxxxxxxxxxxxxx
http://www.unlimitedmail.net/
---
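
Added example, not part of the original message: a shell function that reads accept_source_route for every entry under /proc/sys/net/ipv4/conf (including all, default and lo, which the message does not show) and lists any that are non-zero. The function name audit_source_route and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit accept_source_route for every entry in the conf
# tree, not only eth0/eth1/eth2.
# The optional argument (hypothetical, for this example) points the
# function at another directory, e.g. a constructed tree; with no
# argument it reads the live kernel settings.
# Usage: audit_source_route [conf_root]

audit_source_route() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    enabled=""
    for f in "$conf_root"/*/accept_source_route; do
        # Skip an unmatched glob or an unreadable entry
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        value=$(cat "$f")
        # Per-entry status goes to stderr so stdout stays machine-readable
        printf '%-10s accept_source_route = %s\n' "$iface" "$value" >&2
        if [ "$value" != "0" ]; then
            enabled="$enabled $iface"
        fi
    done
    # stdout: space-separated names of entries whose flag is not 0
    echo "$enabled" | sed 's/^ //'
    # Exit status 0 only when every entry has the flag disabled
    [ -z "$enabled" ]
}
```
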



