Re: restrict implicit binding to interfaces

David Schwartz <davids@xxxxxxxxxxxxx> writes:

On Oct 29, 5:54 pm, Rick Jones <rick.jon...@xxxxxx> wrote:

While "Linux" is very much not such a stack on a "Strong End-System
Model" system binding to a given IP address is pretty much the same
thing since the traffic to that IP will only be accepted on that
interface.

Umm, no!!! That would make building a router virtually impossible.

Traffic to any IP assigned to the machine will, and must, be accepted
regardless of what interface it arrives on.

DS

Sounds like a real security risk to me. That says I can send packets
to a router/firewall with the destination being the inside address,
and it will respond.



.

Relevant Pages

  • Re: restrict implicit binding to interfaces
    ... David Schwartz wrote: ... Model" system binding to a given IP address is pretty much the same ... regardless of what interface it arrives on. ... Some systems (eg HP-UX, perhaps Solaris) allow ...
    (comp.os.linux.networking)
  • Re: 2 interfaces, 2 gateways, no internet
    ... David Schwartz writes: ... of them makes perfect sense. ... one may be a backup in case ... the other interface loses link. ...
    (comp.os.linux.networking)
  • Re: restrict implicit binding to interfaces
    ... David Schwartz writes: ... Programs don't listen to networks. ... If you configure an interface to one address, ... Unless you put the interface into promiscuous mode using a network sniffer. ...
    (comp.os.linux.networking)
  • Re: restrict implicit binding to interfaces
    ... Model" system binding to a given IP address is pretty much the same ... regardless of what interface it arrives on. ...
    (comp.os.linux.networking)