[systemd-devel] VPN connections subject to hijack attack
Kenneth Porter
shiva at sewingwitch.com
Fri Dec 6 09:51:03 UTC 2019
<https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/>
This affects all VPNs and is a consequence of using "loose" reverse path
filtering for anti-spoofing.
Technical details:
<https://seclists.org/oss-sec/2019/q4/122>
According to the report, systemd changed the default to 2 in November 2018
so many distros are vulnerable.
<https://github.com/systemd/systemd/commits/master/sysctl.d/50-default.conf>
Here's Red Hat's explanation of why you might want to use a value of 2.
"When RHEL has multiple IPs configured, only one is reachable from a remote
network. Or why does RHEL ignore packets when the route for outbound
traffic differs from the route of incoming traffic?"
<https://access.redhat.com/solutions/53031>
More about what the rp_filter setting does:
<https://www.theurbanpenguin.com/rp_filter-and-lpic-3-linux-security/>
[Please reply on the list. No need to cc me a copy.]
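
An added example, not part of the original post or of systemd: a shell check that reports the effective rp_filter mode per interface, using the kernel rule that the larger of conf/all and conf/<iface> applies. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Kernel rule (ip-sysctl documentation): the value used for source validation
# on an interface is max(conf/all/rp_filter, conf/<iface>/rp_filter).
# 0 = no validation, 1 = strict (RFC 3704), 2 = loose.

rp_mode_name() {
    case "$1" in
        0) echo off ;; 1) echo strict ;; 2) echo loose ;; *) echo unknown ;;
    esac
}

# audit_rp_filter [CONF_DIR]
# Prints "<iface> <effective-value> <mode>" for each interface.
# Returns 0 if every interface is strict, 1 otherwise, 2 if CONF_DIR is unreadable.
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null) || return 2
    rc=0
    for f in "$conf_dir"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        # "all" is folded into every result; "default" only seeds new interfaces.
        case "$iface" in all|default) continue ;; esac
        eff=$(cat "$f")
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        echo "$iface $eff $(rp_mode_name "$eff")"
        if [ "$eff" -ne 1 ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample tree (not real system state): conf/all set to 2, the
# value the post discusses, with one interface explicitly set to strict.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for i in all default eth0 tun0; do mkdir -p "$d/$i"; done
    echo 2 > "$d/all/rp_filter"; echo 2 > "$d/default/rp_filter"
    echo 1 > "$d/eth0/rp_filter"; echo 0 > "$d/tun0/rp_filter"
    echo "$d"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample" || echo "non-strict reverse path filtering in effect"
rm -rf "$sample"
```

On the sample tree both interfaces come out as loose even though eth0 is set to 1, because conf/all carries the larger value. Called with no argument, audit_rp_filter reads the running system's /proc/sys/net/ipv4/conf.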