-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 18 Nov 2002 06:42, Eric W. Biederman wrote:
> As long as the network console/debug interface includes basic a basic
> check to verify that the packets it accepts are from the local network.
This is pretty hard to do in some configurations. You essentially have to do
this at the router, not at destination.
> And it's outgoing packets have a ttl of one. I don't have a problem.
Recent IETF work on link-local has used TTL=255 outgoing, and it has to be 255
at the receive end too. That is a reasonable way to ensure that is is
link-local, since even the most brain-dead routers will at least decrement
TTL.
> Otherwise the concept gives me security nightmares.
Computing should give you security nightmares :)
Brad
- --
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE91/s3W6pHgIdAuOMRAsCNAJ42Fc7CCclgD+zMbraiHYFydMcKJACfegyr
JcZ8T8+1nIe2f8G3eerNwVs=
=uGdb
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Nov 23 2002 - 22:00:19 EST