[lamour at mail.argfrp.us.uu.net: Fwd: Re: If you have nothing to hide]
Todd MacDermid
tmacd at synacklabs.net
Thu Aug 8 22:14:22 UTC 2002
In message <20020805225221.82473.qmail at sidehack.sat.gweep.net>, bdragon at gweep.net writes:
>
>I was not aware that responses to source-routed packets were themselves
>source-routed. I also don't believe it is the case, but am open to being
>contradicted. If the responses aren't source-routed, then the packets would
>only return through your network if your network was the path back to the
>spoofed source.

A friend of mine directed me to this thread. Source routed packets
can indeed be used to spoof IP connections, and I've written a tool
to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel

If you simply want to check host behaviour to see if you can spoof
connections, I've written a scanner at
http://www.synacklabs.net/projects/lsrscan

Short story is Solaris < 8 will reverse source routes by default, and
Windows boxes will reverse source routes by default. The BSDs and
Linuces I've tested mostly block source routed packets by default.

Todd