Hosting Provided By

Re: listening to IPv4 & 6 sockets

From: Theo de Raadt <deraadt(at)cvs.openbsd.org>
Date: Thu Sep 18 2003 - 14:28:18 EDT

> From: Thorsten Glaser <tg-20037@netcologne.de>
> > Dixitur illum corya@sentex.ca scribere...
> > >of IPv4 only. This is because on OpenBSD you can't just bind to and
> > >listen on a IPv6 socket and get the IPv4 connections on that same
> > >socket like other OSes can do.
>
> > This is because itojun@ thinks it's a security problem, and
>
> OK, but then why is it a security risk?

It causes what is called "automatic tunnels". These are incredibly dangerous, hence, the decision was made -- and pressure is being applied to the IETF, to stop this ridiculous embracing of such crap technology ideas which can (and will) result in by-passing of firewalls.

It will never be re-enabled in OpenBSD. Received on Thu Sep 18 14:32:31 2003

This message: [ Message body ]
Next message: Sebastien.Josset(at)space.alcatel.fr: "Réf. : Re: R if._:_Re:_IPv6_Linklocal_address_and_IPSec_bug"
Previous message: Paul de Weerd: "Re: your mail"
Maybe in reply to:(deleted message) Thorsten Glaser: "Re: listening to IPv4 & 6 sockets"
Next in thread: Cory C. Albrecht: "Re: listening to IPv4 & 6 sockets"
Reply: Cory C. Albrecht: "Re: listening to IPv4 & 6 sockets"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:30:14 EDT