Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

networking command options

SOLVED
Go to solution
john guardian
Super Advisor

networking command options

Just a question. Don't know if this applies to hp-ux. Source-routed packets supposedly allow the packet source to suggest routers forward the packet via a different path than what's configured at the router, in effect bypassing network security.

Is there any way to configure/prevent the application of reverse source routing to TCP responses to source-routed packets in hp-ux? Is it even an issue?

Thx.
2 REPLIES
Duncan Edmonstone
Honored Contributor
Solution

Re: networking command options

Not completely sure, but I think

ndd -set /dev/ip ip_forward_src_routed 0

will sort this out...

Add an entry to /etc/rc.config.d/nddconf to make permanent across reboots...

HTH

Duncan

HTH

Duncan
Matti_Kurkela
Honored Contributor

Re: networking command options

IP source routing is more of a router-level issue. If your routers are configured to block source-routed traffic or to remove source routing options from any passing traffic and behave as if those options didn't exist, you should be reasonably safe.

Duncan's advice applies if your HP-UX system is acting as a router.

As far as I know, the source routing feature in the TCP/IP protocol has never had any wide-spread legitimate use. It may have had some use with the earliest IP networks, but once TCP/IP was widely established, it quickly became obvious that source routing was a bad idea.

MK
MK