Subject: Re: NetBSD as a Jumpstart server -- a gotcha!
To: None <sommerfeld@orchard.arlington.ma.us>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 06/28/2000 09:59:47
In message <200006281346.NAA13366@orchard.arlington.ma.us>, Bill Sommerfeld writes:
>> I suppose it's off by default to avoid leaking network information to
>> a potential attacker.
>
>If this is a concern, we could change it to send the replies with
>TTL=1; anyone already on the wire can make a good guess at what the
>netmask is..
It should be off by default because otherwise, one misconfigured
machine can screw up an entire network. The rationale, I would say, is
the same as ensuring that a random multi-homed machine doesn't act as a
router.
--Steve Bellovin