Neil W Rickert wrote:
>
> Woody <[EMAIL PROTECTED]> wrote:
>
> >We believe there to be a serious security flaw in the TCP/IP stack of
> >several Unix-like operating systems. Whilst being "known" behavior on
> >technical mailing lists, we feel that the implications of this
> >"feature" are unexpected. Furthermore, not all platforms behave in the
> >same way, which will obviously lead to invalid expectations.
>
> [detailed description snipped]
>
> I am surprised to see this described as a flaw. It is behavior I
> have been relying on for some time. Specifically, on my client
> machines, I add a route to the alternate interface of my servers via
> the direct interface of the same server. This allows direct
> connection to the server without relying on a router, regardless of
> which IP address is used for the service. For NFS clients, I
> consider it important to be able to do this.
>
> If there is a flaw, it is surely in the thinking of people who
> mistakenly assumed that multi-homed systems would not behave so as to
> allow this.
It is only a flaw when routing is disabled, as we stated.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
ApacheCon 2001! http://ApacheCon.com/
