Firewall Wizards mailing list archives

RE: Firewall comparison in Data Communications


From: "David T. Smith" <dsmith () uswebcks com>
Date: Wed, 02 Jun 1999 07:07:16 -0400

At 08:17 AM 5/31/99 -0400, Brian Steele wrote:
> <newbie-mode>What's a "source-routed packet"?  And what danger does it pose
> to a Firewall?</newbie-mode>
>
> Brian

In brief, a source routed packet is an IP packet that includes its own
routing information.  If you enable source-routed processing then you are
supposed to reply to the packet with the same route as it sent you:

The wily hacker creates a packet

TO: HQ.corp.com
FR: field.corp.com
Source-route option: wily.hacker.hack
<<Packet innards>>

With source routing turned on the reply goes:

To: Field.corp.com
Fr: HQ.corp.com
Source-route option: wily.hacker.hack
<<packet innards>>

And you have a man in the middle.  Wily can simply masquerade as field and
be trusted by HQ.

DTS
D A V I D  T .   S M I T H 
Principal Consultant, Network Solutions 
__________________________________________ 
USWeb/CKS Corporation       http://www.uswebcks.com/ 
50 Washington Street 6th Floor
South Norwalk, CT 06854 
ph:  1 203 857 0080 
fax: 1 203 857 0082 
mailto: dsmith () uswebcks com

USWeb/CKS - A Strategic Partner for the Information Age 