1 |
Am 10.10.2013 06:45, schrieb Adam Carter: |
2 |
> There might have been a icmp redirect from 10.96.25.1 telling ipfire that |
3 |
> there's a better way to get to that network, and its via 10.96.25.2. |
4 |
> |
5 |
> On my system it seems to be off by default (I havent set it in |
6 |
> /etc/sysctl.conf) which makes sense as redirects can be used for MITM |
7 |
> attacks. |
8 |
> $ cat /proc/sys/net/ipv4/conf/all/accept_redirects |
9 |
> 0 |
10 |
|
11 |
So I would have to check that on the router? Or both? Just will check |
12 |
both, sure ... |
13 |
|
14 |
Could this lead to mislead keepalive packets from libvirtd? |
15 |
Maybe I should ask their network-admins for more details ... huge |
16 |
company, unknown structures ;-) |
17 |
|
18 |
Thanks, Stefan |