From: Ramin Dousti <ramin@cannon.eng.us.uu.net>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: Harald Welte <laforge@netfilter.org>,
	netfilter@lists.netfilter.org,
	netfilter-devel@lists.netfilter.org
Subject: Re: TTL patch buggy?
Date: Thu, 8 Jan 2004 15:56:51 -0500
Message-ID: <20040108205651.GD22229@cannon.eng.us.uu.net>
In-Reply-To: <Pine.LNX.4.44.0401080812490.13863-100000@filer.marasystems.com>

On Thu, Jan 08, 2004 at 08:14:14AM +0100, Henrik Nordstrom wrote:

> On Wed, 7 Jan 2004, Ramin Dousti wrote:
> 
> > Absolutely. For a sec I forgot all about the dense mode. Thanks, Henrik.
> > However, I still don't see any "danger" about this.
> 
> The danger is in if you forget about this and set the TTL on multicast as 
> if it was normal traffic. You then allow this multicast traffic to be 
> distributed widely outside your network even if the originator had taken 
> care to make sure distribution is not allowed far beyond the local 
> networks.

OK, agreed. But in general when multicasting private data, meant only
for the local nets, one must not rely on the TTL (set by the originator)
to limit the distribution. And I'm sure a well-guarded corporation
doesn't do that.

Now I'm going to shut up and learn from you, gods of the linux tcp/ip
security subsystem.

Thanks again for sharing the knowledge.

Ramin

> Regards
> Henrik
