Bug 23123

Summary: IP options reveal IPstealth mode. Just turn them off.
Product: Base System Reporter: PEEETER <pjp>
Component: kernAssignee: Yar Tikhiy <yar>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.5-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description PEEETER 2000-11-27 05:50:00 UTC 
	Most IP options allow a hop to be recorded.  This defies IPSTEALTH 
	mode which purpose it seems to hide from someone traceing.  In 
	simple form ping -R in the vicinity of 10 hops will find a 
	IPSTEALTH'ed router.  All other options also apply where a neat one 
	would be a brute force searching of IP in the timestamp pre-specified 
	ip option.  My attached fix will just avoid processing IP options.  

	I have not tested this at all but theoretically it should do what
	I don't want it to do (ermm ;)

How-To-Repeat: 
	ping -R host #reveals IPSTEALTH'ed router in route path.
Comment 1 Yar Tikhiy freebsd_committer freebsd_triage 2001-12-29 09:24:48 UTC 
State Changed
From-To: open->analyzed

A more sophisticated patch applied to -current.
Comment 2 Yar Tikhiy freebsd_committer freebsd_triage 2001-12-29 09:24:48 UTC 
Responsible Changed
From-To: freebsd-bugs->yar

I'll deal with the problem.
Comment 3 Yar Tikhiy freebsd_committer freebsd_triage 2002-02-14 11:20:31 UTC 
State Changed
From-To: analyzed->closed

The bug fixed in -current and -stable, thanks.