krb5 address checks and loopback connections

Ken Raeburn raeburn at MIT.EDU
Mon Jul 8 15:00:01 EDT 2002

Matt Crawford <crawdad at> writes:
> However, another node on the link could spoof the IPv6 loopback
> address and the Linux kernel is not required by any spec I know
> to discard the incoming packet.  It would be pretty broken of it
> not to discard it, but we established that part already.

Yes, that occurred to me, but I figure it's no worse than spoofing the
source address as being one of the IP (v4 or v6) addresses belonging
to the server.  Slightly different in terms of what one has to screw
up, but no worse.


More information about the krbdev mailing list