nanog mailing list archives
Re: If you have nothing to hide
From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 07 Aug 2002 14:28:58 -0400
In message <20020805225221.82473.qmail () sidehack sat gweep net>, bdragon@gweep.net writes:

>> "You know, there's quite a difference between source routing and IP spoofing .." As true as this statement is, the two walk hand in hand (especially during certain attacks). If I send an attack from a spoofed address to a victim, I can turn blue in the face waiting for a response that will never come. If I spoof an address and use loose source routing I can force the response to return right through my network.
>
> I was not aware that responses to source-routed packets were themselves source-routed. I also don't believe it is the case, but am open to being contradicted. If the responses aren't source-routed, then the packets would only return through your network if your network was the path back to the spoofed source.

See section 3.2.1.8c of RFC 1122:

    If host receives a datagram containing a completed source route (i.e., the pointer points beyond the last field), the datagram has reached its final destination; the option as received (the recorded route) MUST be passed up to the transport layer (or to ICMP message processing). This recorded route will be reversed and used to form a return source route for reply datagrams (see discussion of IP Options in Section 4). When a return source route is built, it MUST be correctly formed even if the recorded route included the source host (see case (B) in the discussion below).

--Steve Bellovin, http://www.research.att.com/~smb (me)
  http://www.wilyhacker.com ("Firewalls" book)
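
The reversal rule quoted from RFC 1122 above, as an added example that is not part of the original message: a parser that flags LSRR/SSRR options in an IPv4 header (the packets a source-route filter would drop) and derives the return route a conforming host would build. The function names, the constructed packet with documentation-range addresses, and the handling of case (B) by dropping a leading originating host are assumptions of this example.

```python
import ipaddress
import struct

SOURCE_ROUTE_TYPES = {131: "LSRR", 137: "SSRR"}  # RFC 791 option type values

# Constructed sample addresses (documentation ranges): S -> G1 -> G2 -> D
S, G1, G2, D = (ipaddress.IPv4Address(a) for a in
                ("192.0.2.10", "198.51.100.1", "203.0.113.1", "192.0.2.200"))

def sample_packet() -> bytes:
    """Constructed IPv4 header as D would receive it: completed LSRR {G1, G2 >>}."""
    opt = bytes([131, 11, 12]) + G1.packed + G2.packed + b"\x00"  # ptr 12 > len 11
    hdr = struct.pack("!BBHHHBBH4s4s", 0x48, 0, 32, 0, 0, 64, 6, 0, S.packed, D.packed)
    return hdr + opt

def find_source_route(packet: bytes):
    """Return (kind, src, completed, recorded_hops), or None without LSRR/SSRR."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    src, opts, i = ipaddress.IPv4Address(packet[12:16]), packet[20:ihl], 0
    while i < len(opts):
        otype = opts[i]
        if otype == 0:            # End of Option List
            break
        if otype == 1:            # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        olen = opts[i + 1]
        if otype in SOURCE_ROUTE_TYPES:
            if olen < 3 or (olen - 3) % 4:
                raise ValueError("malformed source route option")
            hops = [ipaddress.IPv4Address(opts[j:j + 4]) for j in range(i + 3, i + olen, 4)]
            return SOURCE_ROUTE_TYPES[otype], src, opts[i + 2] > olen, hops
        i += olen
    return None

def return_route(src, recorded):
    """Reverse a completed recorded route into (first_hop, option_addresses)."""
    hops = list(recorded)
    if hops and hops[0] == src:   # case (B): sender listed itself (assumed handling)
        hops = hops[1:]
    hops.reverse()
    if not hops:
        return src, []
    return hops[0], hops[1:] + [src]

if __name__ == "__main__":
    kind, src, completed, hops = find_source_route(sample_packet())
    print(kind, completed, return_route(src, hops))
```

The reply's first hop and option addresses come only from the received option and the claimed source address, which is why the claimed source does not have to be reachable by normal routing for the reply to traverse the recorded hops.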