Subject: misc/3212: Source routing configuration problem
To: None <>
From: None <>
List: netbsd-bugs
Date: 02/11/1997 17:10:29
>Number:         3212
>Category:       misc
>Synopsis:       Source routing configuration problem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people (Misc Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 11 09:20:01 1997
>Originator:     David Brownlee
Monochrome
>Release:        1.2_BETA
NetBSD/sparc, IPX
System: NetBSD 1.2_BETA NetBSD 1.2_BETA (_SUN4C+FB_) #0: Fri Aug 16 10:40:16 BST 1996 sparc

	(Should actually be category 'security')
	NetBSD ships with 'net.inet.ip.forwsrcrt = 1'. This means it will
	forward source routed packets.
	BSDI (from whom the sysctl name was taken) have changed to shipping
	with net.inet.ip.forwsrcrt defaulted to 0. This is a 'Good Thing' :)

	There is an additional option of adding a sysctl variable to
	disable the _accepting_ of source routed packets as well,
	however that involves some work :) (tcp wrappers are not enough
	as UDP packets can be source routed as well)

	Use NetBSD as a router and watch those nasty source routed packets
	getting through.
	Default net.inet.ip.forwsrcrt to 0.

	For the second part, add code to drop source routed packets :)