[CentOS] VPN connections subject to hijack attack

Fri Dec 6 09:40:13 UTC 2019
Kenneth Porter <shiva at sewingwitch.com>


This affects all VPNs and is a consequence of using "loose" reverse path 
filtering for anti-spoofing. The default CentOS setting is strict filtering 
but you may have changed this to loose for some unusual routing situations. 
Check that the value of /proc/sys/net/ipv4/conf/all/rp_filter is still set 
to 1. If it's set to 2 (loose filtering), you're vulnerable.

Technical details:


According to the report, systemd changed the default to 2 in November 2018 
so many distros are vulnerable.

Here's Red Hat's explanation of why you might want to use a value of 2. 
"When RHEL has multiple IPs configured, only one is reachable from a remote 
network. Or why does RHEL ignore packets when the route for outbound 
traffic differs from the route of incoming traffic?"