But if a service is bound to a particular IP address, I guess requests
coming on other IP addresses will not be accepted.
For example, I have 2 hosts with the following set of IP addresses.
host1: 10.1.1.19, 10.1.2.19
host2: 10.1.1.20, 10.1.2.20
I ran
    iperf -B 10.1.1.19 -s
on host1.
Here we are binding iperf to a particular IP address: 10.1.1.19
From host2 I tried,
    iperf -c 10.1.1.20
and it failed as expected.
Is this different from the scenario raised in the original bug report?
Thanks
Sridhar
On Thu, 13 May 2004, Stephen Hemminger wrote:
> On Thu, 13 May 2004 12:20:34 -0500
> "J. M." <snortwiz@xxxxxxxxxxx> wrote:
>
> > That's exactly what's happening - a service bound to an interface is
> > receiving traffic via a different interface. That could pose security risks
> > on a dual-homed machine (such as the device I pen-tested and discovered this
> > flaw upon).
> >
> > -Jared
>
> On Linux, IP addresses are not bound to interfaces. You need
> to use SO_BINDTODEVICE if that is what you want.
>
> The security model is correct, and well defined, just different than BSD
> derived systems. It does conform to the standards (RFCs).
>
>