[FS#1132] Default config exposes ipv4 UDP port 68 to the entire Internet
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Nov 1 09:57:09 PDT 2017
The following task has a new comment added:
FS#1132 - Default config exposes ipv4 UDP port 68 to the entire Internet
User who did this - Peter Backes (rtc)
----------
It is a huge difference whether you block a packet with a clearly spoofed source address, or one with a legitimate source address destined at a certain port. It is the customer's responsiblity to decide which ports to filter and which ports to accept.
As I already said, the security benefit is substantial even for ISPs that don't filter such spoofed traffic, since the attacker must then use the correct source address. Your argument is completely fallacious, and goes along the absurd line of "good security is not possible in all cases, so let's not take any security measures at all".
I simply do not understand what you want to achieve with your arguments. What is the benefit of not fixing this security problem? What is the drawback? Why are you arguing for exposing the port?
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1132#comment3745
More information about the lede-bugs
mailing list