On Sun, Oct 5, 2014 at 6:24 PM, Brandon Vincent <brandon.vinc...@asu.edu>
wrote:

> On Sun, Oct 5, 2014 at 2:39 PM, Adrian Chadd <adr...@freebsd.org> wrote:
> > All accept_sourceroute does is prevent the stack from forwarding
> > source routed packets. If it's destined locally then it's still
> > accepted.
>
> Out of curiosity, isn't "net.inet.ip.accept_sourceroute" supposed to
> reject incoming source routed packets?


that was my understanding too. as far as forwarding - have it off too:

# sysctl -a | grep forwa
kern.smp.forward_signal_enabled: 1
net.inet.ip.forwarding: 0
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0


>
> On 5 October 2014 13:22, el kalin <ka...@el.net> wrote:
> > hmmm…  could it be openvas?!
>
> OpenVAS is a fork of Nessus from when it was open source.
> HackerGuardian seems to use Nessus as the chief scanning engine.


i'm aware of those. i used to use Nessus when it was open and did pre
scanning for pci with it on freebsd 7 and 8 and everything was fine. now
this is really mind boggling….

i can't imagine that both freebsd 9 and 10 and also netbsd 6 will have this
"vulnerability" which according to the information that the hackerguardian
(nessus?!) suggests to read points to links from 2002.

unless it has to do with virtualization somehow. am i the first person ever
to try to get pci compliant on bsd on aws?!

i did report this as a false positive to hackerguardian on friday. haven't
heard from them since. but i'm not holding my breath…



>
> Brandon Vincent
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
