Project

General

Profile

Actions

Bug #2073

closed

APIPA broadcasts forwarded by route-to

Added by Chris Buechler over 10 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
Start date:
01/05/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

If there is a host with an APIPA IP sending broadcasts that match a route-to rule, the traffic gets forwarded by route-to. antispoof should block that scenario, since that IP subnet isn't defined on the source interface. We should change route-to should never forward anything destined to a broadcast MAC address to prevent such scenarios.

To work around, just add a rule to block APIPA, 169.254.0.0/16. Or ideally don't use overly permissive rulesets, the default rules will not permit this to happen.

Actions

Also available in: Atom PDF