North American Network Operators Group


Re: Strange things which should never happen (was Re: RFC 1918)

  • From: Patrick W. Gilmore
  • Date: Sun Jul 16 12:23:27 2000


At 03:15 PM 7/15/00 -0700, Joe Rhett wrote:
>> >I don't know my TCP/IP stack well enough, but what happens when a host
>> >with multiple interfaces, one of which is assigned an RFC1918 address,
>> >receives a packet through another interface with a source address the
>> >same RFC1918 address. Are the stacks smart enough to realize the packet
>> >is really an external packet, or will they assume the packet came from
>> >inside.
>
>> Nope - at least none of the ones I have seen.
>
>Hate to disagree, but all modern security-aware OSes can now be configured
>to validate which interface a packet should be received on. If the packet
>comes from a different interface it is generally dropped.
>
>In Solaris, the options are:
>
> ip_strict_dst_multihoming
> and
> ip6_strict_dst_multihoming

I was under the impression that hosts only check the *destination* IP address. Feel free to correct me if I am mistaken (as I am sure 472 of you will do :).

Sean was asking about packets with a *source* address in a subnet which is on another one of their interfaces. So we are looking at a host which has, for instance, 1.1.1.1/24 on e0 and 2.2.2.2/24 on e1. If a packet hits e0 with a destination address of 1.1.1.1 and a source address of 2.2.2.10, why would the host reject it? The destination address is correct, and the packet was routed to the correct interface.

I think Sean is worried about the response to that packet. The host might send the reply/ACK/return/whatever packet out the second interface. If e1 is addressed with RFC1918 space, and the packet were sourced from an RFC1918 address in another network, the reply would obviously go to the wrong location. If someone knew your internal network well enough, this might even be used as a form of DoS attack.


>Joe Rhett Chief Technology Officer

TTFN,
patrick
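
Added example, not part of the original message: a simplified Python model of the two-interface host in the scenario above, comparing a destination-only arrival check with a source-side check that asks which interface the reply would leave on. The function names, the default route on e0, and the sample packets are assumptions made for illustration; this is not Solaris code.

```python
import ipaddress

# Constructed host from the scenario in the message: two connected subnets.
INTERFACES = {
    "e0": ipaddress.ip_interface("1.1.1.1/24"),
    "e1": ipaddress.ip_interface("2.2.2.2/24"),
}
DEFAULT_IF = "e0"  # assumption: the default route points out e0


def egress_interface(addr):
    """Interface a packet to addr would leave on (longest connected prefix, else default)."""
    ip = ipaddress.ip_address(addr)
    matches = [(i.network.prefixlen, name) for name, i in INTERFACES.items()
               if ip in i.network]
    return max(matches)[1] if matches else DEFAULT_IF


def dst_check(in_if, dst):
    """Destination-only check: dst must be the address configured on the arrival interface."""
    return INTERFACES[in_if].ip == ipaddress.ip_address(dst)


def src_check(in_if, src):
    """Source-side check: a reply to src must leave via the arrival interface."""
    return egress_interface(src) == in_if


def evaluate(in_if, src, dst):
    """Return both verdicts and where the reply would be sent if the packet is accepted."""
    return {
        "dst_ok": dst_check(in_if, dst),
        "src_ok": src_check(in_if, src),
        "reply_if": egress_interface(src),
    }


if __name__ == "__main__":
    # Constructed packets: (arrival interface, source, destination)
    for pkt in [("e0", "2.2.2.10", "1.1.1.1"),   # the case from the message
                ("e0", "9.9.9.9", "1.1.1.1"),    # ordinary external client
                ("e1", "2.2.2.10", "2.2.2.2")]:  # genuine inside host
        print(pkt, evaluate(*pkt))
```

In this model the packet from the message passes the destination check on e0 while its reply is routed out e1; only the source-side check flags it.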