Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: If you have nothing to hide

  • From: bdragon
  • Date: Mon Aug 05 18:54:11 2002

> "You know, there's quite a difference between source routing and
> IP spoofing .."
> As true as this statement is, the two walk hand in hand (especially during
> certain attacks).
> If I send an attack from a spoofed address to a victim, I can turn blue in
> the face waiting for a response that will never come.
> If I spoof an address and use loose source routing I can force the response
> to return right through my network.

I was not aware that responses to source-routed packets were themselves
source-routed. I also don't believe it is the case, but am open to being
contradicted. If the responses aren't source-routed, then the packets would
only return through your network if your network was the path back to the
spoofed source.

> Also loose source routing can be used for Man-in-the-middle attacks by using
> a loose source route you can force all traffic to pass through the attackers
> network.

You could make the outbound traffic pass through a secondary target, but with
software-processing of ip options, your goodput of dos payload may go
way down. You are more likely to take down something closer to yourself
and self-limit the attack.

> Strict source routing does not benefit an attacker, but as I said loose
> source routing does.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.