Source Routed Packets
Source-routed packets use a rarely used pair of IP options, Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR), that let the originator dictate the route a packet takes between two machines instead of leaving the path to the intermediate routers.
An attacker who lists their own machine in the source route gets the traffic delivered through it and can intercept, read, modify or forge the packets in transit.
Coupled with source address spoofing, source routing is especially useful for exploiting trust relationships between hosts, collecting passwords and impersonating servers, because the spoofed replies are routed back through the attacker's machine instead of to the real owner of the address.
Block source-routed packets either at the packet-filter level or at the OS level; on Linux the OS-level control is the sysctl net.ipv4.conf.all.accept_source_route = 0 (also set the per-interface entries), and most routers have an equivalent knob (Cisco IOS: no ip source-route).
Notes:
Because IP options are so rarely used in legitimate IPv4 traffic, you are better off dropping any packet carrying them, or at least logging it.
The Don't Fragment (DF) bit, used in path MTU discovery, is a flag in the fixed IP header rather than an IP option, so dropping packets with IP options does not interfere with MTU discovery.
In any case, ipchains doesn't give access to the IP options field, so on Linux the accept_source_route sysctl is the practical control.
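The following example, added here and not part of the original slide, shows what the slide and its notes describe in concrete terms: it parses the IPv4 header, walks the options field, recognises the LSRR/SSRR options (types 131 and 137) and extracts the attacker-chosen hop list, and applies the notes' policy (drop source-routed packets, log any other IP option, accept the rest). It also shows that the DF bit lives in the header flags, not in the options, so a DF-only packet is accepted. The packets and addresses are constructed in the script for demonstration; the function names are the example's own.

```python
import struct
import ipaddress

# IP option type codes (RFC 791)
IPOPT_EOL = 0     # end of option list
IPOPT_NOP = 1     # single-byte padding
IPOPT_RR = 7      # Record Route
IPOPT_LSRR = 131  # Loose Source and Record Route
IPOPT_SSRR = 137  # Strict Source and Record Route
IP_DF = 0x4000    # Don't Fragment bit in the flags/fragment-offset word


def build_ipv4(src, dst, options=b"", df=False, proto=6, payload=b""):
    """Build a minimal IPv4 header (checksum left zero; fine for offline parsing).
    Options are padded with EOL bytes to a 32-bit boundary, as the header requires."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + len(payload)
    flags_frag = IP_DF if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | ihl, 0, total_len, 0x1234, flags_frag,
                      64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + payload


def source_route_option(hops, strict=False):
    """Encode an LSRR/SSRR option: type, length, pointer (4 = first hop), addresses."""
    kind = IPOPT_SSRR if strict else IPOPT_LSRR
    data = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([kind, 3 + len(data), 4]) + data


def parse_options(pkt):
    """Return [(type, data)] for every option in the header, skipping NOP padding.
    Raises ValueError on malformed headers rather than guessing."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    opts = pkt[20:ihl]
    out, i = [], 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        ln = opts[i + 1]
        if ln < 2 or i + ln > len(opts):
            raise ValueError("bad option length")
        out.append((t, bytes(opts[i + 2:i + ln])))
        i += ln
    return out


def source_route(pkt):
    """Return (mode, pointer, hops) if the packet carries LSRR/SSRR, else None."""
    for t, data in parse_options(pkt):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            if not data or (len(data) - 1) % 4:
                raise ValueError("malformed source route option")
            ptr, addrs = data[0], data[1:]
            hops = [str(ipaddress.IPv4Address(addrs[j:j + 4]))
                    for j in range(0, len(addrs), 4)]
            return ("strict" if t == IPOPT_SSRR else "loose", ptr, hops)
    return None


def df_set(pkt):
    """DF is a header flag, not an option, so it survives an options filter."""
    return bool(struct.unpack("!H", pkt[6:8])[0] & IP_DF)


def filter_verdict(pkt):
    """Policy from the slide notes: drop source routing, log other options, accept the rest."""
    if source_route(pkt) is not None:
        return "DROP"
    if parse_options(pkt):
        return "LOG"
    return "ACCEPT"


# Constructed sample packets using documentation address ranges (not real captures).
PKT_LSRR = build_ipv4("192.0.2.10", "192.0.2.20",
                      source_route_option(["198.51.100.1", "198.51.100.254"]))
PKT_DF = build_ipv4("192.0.2.10", "192.0.2.20", df=True)
PKT_RR = build_ipv4("192.0.2.10", "192.0.2.20", bytes([IPOPT_RR, 7, 4]) + b"\x00" * 4)

if __name__ == "__main__":
    for name, pkt in (("lsrr", PKT_LSRR), ("df-only", PKT_DF), ("record-route", PKT_RR)):
        print(name, filter_verdict(pkt), source_route(pkt), "DF" if df_set(pkt) else "")
```

In the LSRR packet the attacker's machine would appear as one of the listed hops; the pointer field tells each hop which address comes next, which is why a host that honours the option forwards replies along the attacker's path even when the source address is spoofed.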