Should routers send redirects by default?
Ricky Beam
jfbeam at gmail.com
Sat Aug 21 01:09:43 UTC 2010
On Fri, 20 Aug 2010 20:08:34 -0400, Brandon Ross <bross at pobox.com> wrote:
> Okay, I'll ask again. Exactly how does disabling ICMP redirects on my
> router prevent traffic from being intercepted?
It stops *one vector* of MITM attack. If a router honors redirects (and
it never should), an evil host can intercept traffic of hosts that aren't
on the local network.
This is 5000% beyond the scope of the original question, btw.
--Ricky
More information about the NANOG
mailing list