On Wed, 4 Apr 2018 09:57:07 -0400 James Knott <james.knott@rogers.com> wrote:
On 04/04/2018 09:35 AM, Michal Suchánek wrote:
Well, let's not forget that it's the user that connects to the 2 networks. If they didn't want to, then they wouldn't. Also, common practice these days is to use a firewall. Of course, for someone to take advantage of the connections to 2 networks they'd have to know about that.
What are you talking about? This is not about connecting to multiple networks. This is about not leaking information between different networks.
net1  +--+ net2
|     |PC|    |
+-----+--+----+
    if1  if2
    ip1  ip2
When I connect my PC to two networks I have not subscribed to connecting if2 to net1 and people in net1 should not see the ip2.
Linux does show the ip2 to the other devices connected to net1.
This is broken and has been the default behavior in Linux for ages. These days with half a dozen firewall types supported in the kernel you can probably craft a brittle firewalling rule to prevent this.
However, this should not happen in the first place. As people these days still abuse this behaviour to access their WiFi IP over wired Ethernet it seems it has not changed - the bug is still there.
As I mentioned, Linux can be used as a router, like Unix before it. Way back in the dark ages, many routers were simply mini computers running Unix. I was even able to configure OS/2 as a router. It's common behaviour. If you have a router, you're on at least 2 networks. A router would be useless otherwise. So, routing is not a bug. It's a function of most operating systems.
Now in the case of a computer, such as my notebook, if I'm connected on both interfaces, it's very likely to be the same network on both interfaces. How is that a problem? If I'm connected to 2 different networks, it's because I want to.
Assuming you're connected to 2 networks, what "leaks"? In order to access the other network, you would have to know that there's a computer acting as a router and then configure to use it as a router. You will not see things that might advertise the other network, such as broadcasts, as they are not passed by routers. So, what is it that's leaked?
The IP address and possibly other related information about the interface in the other network - even if you are not routing.
How does this compare to when you connect to the Internet via ISP? You're now connected to many networks and rely on a firewall to keep others out. Firewalls are now typically used on personal computers, even when connected to home networks. Also, the 2 interfaces are not bridged, as you seem to imply, so that's not how you'd have a leak.
And that's exactly the problem. Linux bridges those interfaces. Not the whole networks but the interfaces present on the box are visible to all connected networks even when you did not ask for it.

Thanks

Michal