krb5 address checks and loopback connections

Ken Raeburn raeburn at MIT.EDU
Mon Jul 8 15:00:01 EDT 2002


Matt Crawford <crawdad at fnal.gov> writes:
> However, another node on the link could spoof the IPv6 loopback
> address and the Linux kernel is not required by any spec I know
> to discard the incoming packet.  It would be pretty broken of it
> not to discard it, but we established that part already.

Yes, that occurred to me, but I figure it's no worse than spoofing the
source address as being one of the IP (v4 or v6) addresses belonging
to the server.  Slightly different in terms of what one has to screw
up, but no worse.

Ken


