Bug #2073
APIPA broadcasts forwarded by route-to
| Status: | New | Start date: | 01/05/2012 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Operating System | | |
| Target version: | - | | |
| Affected version: | All | Affected Architecture: | |
Description
If there is a host with an APIPA IP sending broadcasts that match a route-to rule, the traffic gets forwarded by route-to. antispoof should block that scenario, since that IP subnet isn't defined on the source interface. We should change route-to so that it never forwards anything destined to a broadcast MAC address, to prevent such scenarios.
To work around, just add a rule to block APIPA, 169.254.0.0/16. Or, ideally, don't use overly permissive rulesets; the default rules will not permit this to happen.
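One way to check a capture for the traffic described above, as an added example that is not part of the original ticket: it parses `tcpdump -e -n` style lines and flags frames with an APIPA source sent to the broadcast MAC. The sample lines, the LAN subnet 192.168.1.0/24 and the function names are constructed for illustration.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+\.\d+\.\d+\.\d+"

# Link-level header plus IPv4 addresses (optional .port suffix) as printed by `tcpdump -e -n`.
LINE_RE = re.compile(
    rf"(?P<smac>{MAC}) > (?P<dmac>{MAC}), ethertype IPv4 .*?: "
    rf"(?P<sip>{IP})(?:\.\d+)? > (?P<dip>{IP})(?:\.\d+)?:",
    re.IGNORECASE,
)

def classify(line, iface_nets):
    """Return the findings for one capture line, or None if it is not an IPv4 frame."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["sip"])
    except ValueError:
        return None
    findings = []
    if src in APIPA:
        findings.append("apipa-source")
    # The condition antispoof is expected to enforce: source outside the interface's subnets.
    if not any(src in net for net in iface_nets):
        findings.append("source-not-on-interface")
    if m["dmac"].lower() == BROADCAST_MAC:
        findings.append("broadcast-mac")
    return findings

def suspicious(lines, iface_nets):
    """Lines matching the ticket's scenario: APIPA source sent to the broadcast MAC."""
    wanted = {"apipa-source", "broadcast-mac"}
    return [l for l in lines if wanted <= set(classify(l, iface_nets) or [])]

# Constructed sample capture lines (not taken from the ticket).
SAMPLE = [
    "12:00:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 169.254.10.20.137 > 169.254.255.255.137: UDP, length 50",
    "12:00:02.000001 00:11:22:33:44:66 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 192.168.1.10.51000 > 203.0.113.5.443: Flags [S], length 0",
    "12:00:03.000001 00:11:22:33:44:77 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.1.11.68 > 255.255.255.255.67: UDP, length 300",
]
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed subnet of the source interface

if __name__ == "__main__":
    for hit in suspicious(SAMPLE, LAN_NETS):
        print(hit)
```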
History
#1
Updated by Chris Buechler about 1 year ago
- Description updated