[CentOS] VPN connections subject to hijack attack
Chris Adams
linux at cmadams.netFri Dec 6 15:59:29 UTC 2019
- Previous message: [CentOS] VPN connections subject to hijack attack
- Next message: [CentOS] Virtual problem
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Once upon a time, Stephen John Smoogen <smooge at gmail.com> said: > So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they > set to 1 versus 0 which the announcement says is kernel default and > sfe). However, they found ipv6 works without rp_filter so this is a > problem. Yeah, I didn't realize until recently that the Linux kernel only supports uRPF-style filtering on IPv4, not IPv6. That's not good IMHO. There is an iptables rpfilter extension, and I believe firewalld includes it on IPv6 by default, but firewalld isn't appropriate for all setups. -- Chris Adams <linux at cmadams.net>
- Previous message: [CentOS] VPN connections subject to hijack attack
- Next message: [CentOS] Virtual problem
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list