Penetration Testing mailing list archives

Re: Loose source routing for remote host discovery


From: Oliver Enzmann <oliver () cosec org>
Date: Thu, 8 May 2003 23:40:54 +0200

On Thursday 08 May 2003 21:46, R. DuFresne wrote:
> The main trouble you face is that while the tools and toys you are using
> might allow such 'loose source routing' the question and sticker might
> well be, "do the devices your specially crafted packets need to traverse
> also play the same game?"

It's an all-Cisco network. Source-routed packets should be forwarded fine if 
the last known and reachable Cisco along the path is used as a hop for LSRR.
I doubt that source routing has been turned off using "no ip source-route" 
in their configs. As for the endpoints, I don't know. They need to be 
discovered first ;-) 

> If those maintaining them have any salt to
> their meat, I'm betting they do not, and so your packets will only make
> it so far and then return information about route/host/service not found,
> etc.

Good point. I'll keep tcpdump logging all returned packets to a file. 
With a bit of postprocessing, I should be able to find out where the packets
got stuck.  

> You can toss packets at a device, but, if the device is not
> configured to play nicely with those packets, all the mangling in the world
> will not get that device to pass 'em. Of course, the devices meant to be
> traversed could have OS flaws or HW issues that fail them 'open' if they
> are hit hard enough or with truly mangled enough packets, but, not the
> thing one might wish to place bets upon.

I'll have to play nicely. Kernel panics and BSODs are not an option.

Oliver
-- 
Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".
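The mechanism the thread is discussing, as an added example that is not part of the original message or any tool it mentions: a pure-Python encoder and decoder for the RFC 791 Loose Source and Record Route option (type 0x83), a checksummed IPv4 header that carries it, a simulation of what a router that honours LSRR does to the option at each hop, and a helper for the postprocessing Oliver describes, i.e. reading the pointer and recorded addresses out of the IP header that an ICMP error quotes back to see how far the packet got. All addresses (10.0.0.0/8 and 192.0.2.0/24) and the three-hop route are constructed for the example; nothing is sent on the wire, so no raw socket or privileges are needed.

```python
import socket
import struct

IPOPT_EOL = 0
IPOPT_NOP = 1
IPOPT_LSRR = 0x83   # copy=1, class=0, number=3: Loose Source and Record Route (RFC 791)


def build_lsrr_option(route):
    """Encode a list of hops as an LSRR option.

    Layout: type(1) length(1) pointer(1) addr(4)*n, padded with EOL to a
    32-bit boundary. The pointer is 1-based from the type byte, so the first
    address sits at pointer 4. The last address is the real destination."""
    if not 1 <= len(route) <= 9:
        raise ValueError("LSRR carries 1..9 addresses (options area is at most 40 bytes)")
    addrs = b"".join(socket.inet_aton(h) for h in route)
    opt = bytes([IPOPT_LSRR, 3 + len(addrs), 4]) + addrs
    return opt + bytes(-len(opt) % 4)


def ip_checksum(data):
    """RFC 1071 one's-complement checksum (odd-length input is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, route, payload_len=8, proto=socket.IPPROTO_ICMP, ttl=64, ident=0x04D2):
    """IPv4 header for a loosely source-routed packet.

    route[0] goes into the destination field (the first hop the network must
    deliver to, e.g. the last reachable Cisco); route[1:] ride in the LSRR
    option and end with the real target. Payload is not built here."""
    if len(route) < 2:
        raise ValueError("need at least a first hop and a final destination")
    opt = build_lsrr_option(route[1:])
    ihl = 5 + len(opt) // 4
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | ihl, 0, ihl * 4 + payload_len, ident, 0,
                      ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(route[0])) + opt
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_lsrr(pkt):
    """Return (dst, pointer, [addrs]) from an IPv4 header's LSRR option, or None."""
    ihl = (pkt[0] & 0x0F) * 4
    dst = socket.inet_ntoa(pkt[16:20])
    opts = pkt[20:ihl]
    i = 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        ln = opts[i + 1]
        if t == IPOPT_LSRR:
            ptr = opts[i + 2]
            addrs = [socket.inet_ntoa(opts[i + 3 + j:i + 7 + j]) for j in range(0, ln - 3, 4)]
            return dst, ptr, addrs
        i += ln
    return None


def lsrr_forward(dst, ptr, addrs, router):
    """Simulate a router that honours LSRR for a packet addressed to it.

    If the pointer is past the end the route is exhausted and dst is final.
    Otherwise the router moves the next listed address into dst, records its
    own address in that slot and advances the pointer by 4 (RFC 791 3.1)."""
    idx = (ptr - 4) // 4
    if idx >= len(addrs):
        return dst, ptr, addrs
    new_addrs = list(addrs)
    new_dst = new_addrs[idx]
    new_addrs[idx] = router
    return new_dst, ptr + 4, new_addrs


def progress(quoted_header):
    """Postprocessing helper for captured ICMP errors: from the original IP
    header quoted in the error, return (last router that forwarded it, hop it
    was trying to reach). Assumes the quoted header is intact up to the options."""
    parsed = parse_lsrr(quoted_header)
    if parsed is None:
        return None
    dst, ptr, addrs = parsed
    recorded = addrs[:(ptr - 4) // 4]
    return (recorded[-1] if recorded else None), dst


if __name__ == "__main__":
    # Constructed route: last reachable Cisco, an inner Cisco, then the target.
    route = ["10.0.0.1", "10.0.1.1", "192.0.2.10"]
    hdr = build_ipv4_header("10.0.0.2", route)
    state = parse_lsrr(hdr)
    print("sent:", state)
    for router in route[:-1]:
        state = lsrr_forward(*state, router)
        print("after", router, "->", state)
```

Building the header is the easy part; actually getting the packet past each device is what DuFresne's point is about, and the `progress` helper only tells you where the pointer stood when a router bounced it.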

