North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: If you have nothing to hide
- From: bdragon
- Date: Mon Aug 05 18:54:11 2002
> "You know, there's quite a difference between source routing and
> IP spoofing .."
> As true as this statement is, the two walk hand in hand (especially during
> certain attacks).
> If I send an attack from a spoofed address to a victim, I can turn blue in
> the face waiting for a response that will never come.
> If I spoof an address and use loose source routing I can force the response
> to return right through my network.
I was not aware that responses to source-routed packets were themselves
source-routed. I also don't believe it is the case, but am open to being
contradicted. If the responses aren't source-routed, then the packets would
only return through your network if your network was the path back to the
> Also loose source routing can be used for Man-in-the-middle attacks by using
> a loose source route you can force all traffic to pass through the attackers
You could make the outbound traffic pass through a secondary target, but with
software-processing of ip options, your goodput of dos payload may go
way down. You are more likely to take down something closer to yourself
and self-limit the attack.
> Strict source routing does not benefit an attacker, but as I said loose
> source routing does.