On Fri, 20 Aug 2010, Ricky Beam wrote:
On Fri, 20 Aug 2010 20:08:34 -0400, Brandon Ross <bross@pobox.com> wrote:
Okay, I'll ask again. Exactly how does disabling ICMP redirects on my router prevent traffic from being intercepted?
It stops *one vector* of MITM attack. If a router honors redirects (and it never should), an evil host can intercept traffic of hosts that aren't on the local network.
Are you saying that turning off the transmittal of ICMP redirects on most routers will simultaniously disable the honoring of ICMP redirects that that router receives? If that's not what you are saying then you are wrong.
This is 5000% beyond the scope of the original question, btw.
I disagree. The decision about whether or not a feature should be on by default or not should be clear evidence that said feature is/could be harmful. So far I have not heard a single compelling argument for how the _transmittal_ of ICMP redirects can cause any signficicant harm to a network other than what the other typical protocols that are enabled by defualt (ping, can't fragement, etc) cause. I will make the statement: The transmittal of ICMP redirects by a router _cannot_ be exploited to create a man in the middle attack. Before anyone responds to that statement, please read it very carefully. This statement does not comment on whether a host or router should be configured to _receive_ an ICMP redirect and act on it, that clearly can be used to create a MITM attack. How many of you that routinely disable ICMP redirect on your routers also routinely disable the reception of ICMP redirects on your hosts? For those of you that do not, why not? -- Brandon Ross AIM: BrandonNRoss ICQ: 2269442 Skype: brandonross Yahoo: BrandonNRoss