Session hijacking, source-routes

[Ken Hardy <ken () bridge com>]

Can a TCP session be hijacked if the target system rejects
source-routed IP packets?

If I understand the process correctly, the attacker quells the
legitimate client with a DOS attack and gets the server to
route the packets to himself instead after having observed the
proper sequence numbers to use.  (No real significance to use
of client/server here -- could work against either end of the
TCP connection.)

If my f/w rejects all source-routed packets, are its connections
immune to session hijacking, or does this (or can this) work
another way?

--
KH