nanog mailing list archives

[lamour () mail argfrp us uu net: Fwd: Re: If you have nothing to hide]


From: Todd MacDermid <tmacd () synacklabs net>
Date: Thu, 8 Aug 2002 18:14:22 -0400


In message <20020805225221.82473.qmail () sidehack sat gweep net>, bdragon@gweep.net writes:

> I was not aware that responses to source-routed packets were themselves
> source-routed. I also don't believe it is the case, but am open to being
> contradicted. If the responses aren't source-routed, then the packets would
> only return through your network if your network was the path back to the
> spoofed source.

A friend of mine directed me to this thread. Source routed packets
can indeed be used to spoof IP connections, and I've written a tool
to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel

If you simply want to check host behaviour to see if you can spoof
connections, I've written a scanner at
http://www.synacklabs.net/projects/lsrscan

Short story is Solaris < 8 will reverse source routes by default, and
Windows boxes will reverse source routes by default. The BSDs and
Linuces I've tested mostly block source routed packets by default.

Todd

