Subject: Re: illegal network routes and a ponderance
To: None <firstname.lastname@example.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 02/21/2003 19:34:27
>> Or rather, for illusion-of-security reasons. There's not that much
>> software left that makes security decisions based on packets' source
>> addresses, and such software has always been buggy.

> Sendmail, relay checks.

Ugh, good point. And - at least in the code I just looked at, which
admittedly is probably not the most recent - sendmail doesn't disable
any source-route option that's present.

> Do you really want to turn your machine into an open-relay by
> allowing source routing?

No, I don't want to turn my machine into an open relay at all - but the
right thing to do is not to disable source routing, but to fix sendmail
(or run something else, something that _does_ know that peer IP
addresses cannot be trusted unless any source-route options have been
Fix the problem, don't break a useful facility to fix the symptom.
(Not that the facility is all that useful these days, given the large
numbers of people who already have broken it....)

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML email@example.com
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
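
The check the message above asks of address-trusting software, as an added example that is not part of the original mail and is not sendmail's code: a daemon scans the IPv4 options on the connection for a source-route option before letting the peer address feed a relay decision. The names has_source_route and peer_address_usable are hypothetical, and the socket helper assumes getsockopt(IP_OPTIONS) returns the raw option bytes (the Linux layout).

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* IPv4 option type bytes (RFC 791). */
#define OPT_EOL  0x00  /* end of option list */
#define OPT_NOP  0x01  /* no-operation padding */
#define OPT_LSRR 0x83  /* loose source and record route */
#define OPT_SSRR 0x89  /* strict source and record route */

/* Scan raw IPv4 option bytes. Returns 1 if a source-route option is
 * present, 0 if none, -1 if the list is malformed (treat as untrusted). */
int has_source_route(const unsigned char *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char type = opts[i];
        if (type == OPT_EOL)
            return 0;
        if (type == OPT_NOP) { i++; continue; }
        if (type == OPT_LSRR || type == OPT_SSRR)
            return 1;
        /* Every other option has a length byte covering type+len+data. */
        if (i + 1 >= len || opts[i + 1] < 2 || i + opts[i + 1] > len)
            return -1;
        i += opts[i + 1];
    }
    return 0;
}

/* Hypothetical helper: returns 1 only if the connected socket carries no
 * source-route option, so the peer address may feed a relay check.
 * Assumption: getsockopt(IP_OPTIONS) yields raw option bytes (Linux). */
int peer_address_usable(int fd)
{
    unsigned char buf[40];          /* IPv4 options are at most 40 bytes */
    socklen_t len = sizeof buf;
    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, buf, &len) != 0)
        return 0;                   /* cannot tell: do not trust */
    return has_source_route(buf, len) == 0;
}
```

A daemon would call peer_address_usable() on the accepted socket before any address-based relay check, and fall back to treating the client as an untrusted remote host when it returns 0.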