Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

[lamour@mail.argfrp.us.uu.net: Fwd: Re: If you have nothing to hide]

  • From: Todd MacDermid
  • Date: Thu Aug 08 18:20:50 2002

In message <20020805225221.82473.qmail@sidehack.sat.gweep.net>, bdragon@gweep.n
et writes:
>
>I was not aware that responses to source-routed packets were themselves
>source-routed. I also don't believe it is the case, but am open to being
>contradicted. If the responses aren't source-routed, then the packets would
>only return through your network if your network was the path back to the
>spoofed source.

A friend of mine directed me to this thread. Source routed packets
can indeed be used to spoof IP connections, and I've written a tool
to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel

If you simply want to check host behaviour to see if you can spoof
connections, I've written a scanner at
http://www.synacklabs.net/projects/lsrscan

Short story is Solaris < 8 will reverse source routes by default, and
Windows boxes will reverse source routes by default. The BSDs and
Linuces I've tested mostly block source routed packets by default.

Todd





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.