[BRIDGE]: Ethernet bridge fixes.
1. STP protocol has no security, so malcontents can fuck with the bridge's topology. The fixes are to ship with STP turned off to protect the ignorant, and run STP packets through ebtables netfilter for the smart. Got this one via a russian hacker "Oleg K. Artemjev" <olli@rbauto.ru> before he published the paper. Bridge netfilter still needs work to give a nice face on this but this patch gives the hooks to filter. 2. STP input processing was lax in it's length checking so I bet you could make up a bomb packet. My inspection while doing #1. 3. Forwarding table could be abused by sending forged packets with bogus source address same as the local host. This came via Lennart from Jerry Kreuscher <jerrykr@mindspring.com> who ran into it by mistake.
Showing
Please register or sign in to comment