Re: Tool for source routing

[ian.vitek () ixsecurity com]

I have to say something about my presentation at defcon last year.
The source routing examples in the presentation are based on the Linux 2.0
kernel.
In the 2.0 kernel it was just to disable "drop source routed frames" and enable
"forwarding" when compiling the kernel.
It is not just to set /proc/sys/net/ipv4/conf/all/accept_source_route to 1 and
/proc/sys/net/ipv4/ip_forward to 1 in the 2.2 and 2.4 kernel.
I think you have to compile the kernel as "advanced router" and set
/proc/sys/net/ipv4/conf/all/rp_filter to 0.
I do not have the time to get the exact configuration, but I am sure this will
help. And remember, this configuration is not secure! This configuration should
only be set on pen-test computers.

One last thing on defcon. I can not come this year. My wife and I are expecting
a newborn the same time as defcon. Bad planning right? ;-)
Well, there will be 6-8 people from iXsecurity this year. You can get drunk with
them. If you mail rikard.carlsson () ixsecurity com he will send you the logo that
iXsecurity will have on their t-shirts this year. Anders Ingeborn from
iXsecurity will speak about small payloads on Windows at defcon. Small as in the
comphack code:
http://www.securityfocus.com/archive/1/156486
Enough defcon promotion ;-)

Ian Vitek, iXsecurity


In reply to "Jason Witty, CISSP" <jason () wittys com>
> Ian Vitek did a pretty good presentation on IP spoofing and source routing
> last year at defcon.  His slides can be found at
> http://www.wittys.com/files/defcon_vitek.ppt .  His examples are based on
> using netcat and simple ifconfig tricks, to fully source route the packets.
>  Hope this helps.
>
> Jason