HPE Community
Operating System - HP-UX
1752740 Members
5483 Online
108789 Solutions
New Discussion юеВ

Re: networking command options

 
SOLVED
Go to solution
john guardian
Super Advisor

тАО02-07-2011 12:23 PM

тАО02-07-2011 12:23 PM

networking command options

Just a question. Don't know if this applies to hp-ux. Source-routed packets supposedly allow the packet source to suggest routers forward the packet via a different path than what's configured at the router, in effect bypassing network security.

Is there any way to configure/prevent the application of reverse source routing to TCP responses to source-routed packets in hp-ux? Is it even an issue?

Thx.
0 Kudos
Reply
2 REPLIES 2
Duncan Edmonstone
HPE Pro

тАО02-07-2011 12:39 PM

тАО02-07-2011 12:39 PM

Solution

Re: networking command options

Not completely sure, but I think

ndd -set /dev/ip ip_forward_src_routed 0

will sort this out...

Add an entry to /etc/rc.config.d/nddconf to make permanent across reboots...

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
Matti_Kurkela
Honored Contributor

тАО02-07-2011 04:15 PM

тАО02-07-2011 04:15 PM

Re: networking command options

IP source routing is more of a router-level issue. If your routers are configured to block source-routed traffic or to remove source routing options from any passing traffic and behave as if those options didn't exist, you should be reasonably safe.

Duncan's advice applies if your HP-UX system is acting as a router.

As far as I know, the source routing feature in the TCP/IP protocol has never had any wide-spread legitimate use. It may have had some use with the earliest IP networks, but once TCP/IP was widely established, it quickly became obvious that source routing was a bad idea.

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.