On Tue, Mar 06, 2001 at 01:34:18PM +0300, 3APA3A wrote:
> Windows NT behaves same way - it will accept connection to internal
> address through external interface even if routing is not enabled (I'm
> not sure about loopback). Then configuring Cisco routers it's quite
One thing that hasn't been clearly stated, although it's obvious to experts:
this vulnerability is only available for people who are already on your
subnet.
So it IS a 'remote vulnerability' but only for people who are on your
subnet. So if you have a DMZ with no untrusted computers on the subnet, this
will not harm you.
I still feel that this is a pretty stupid oversight - if routing is switched
off as it SHOULD or even MUST be on a host, this is not supposed to happen.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Services
Trilab The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
