[369] in linux-security and linux-alert archive
Re: source routing
daemon@ATHENA.MIT.EDU (Ryan Tucker)
Mon Sep 18 11:14:32 1995
From: Ryan Tucker <rtucker@crasher2.ttgcitn.com>
To: linas@teleportal.com (Linas Vepstas)
Date: Sun, 17 Sep 1995 12:18:20 -0500 (CDT)
Cc: linux-security@tarsier.cv.nrao.edu, linas@teleportal.com
In-Reply-To: <199509161957.OAA06873@teleportal.com> from "Linas Vepstas" at Sep 16, 95 02:57:36 pm
[mod: please let's keep this focused on the source route issue. Routing
policy on the Internet is a bit off-topic. --okir]
Linas Vepstas splattered this onto /dev/hda4:
> some point (typically 20 or more hops away). By
> "infinite loop" I mean that the same router starts
> showing up over and over again, with no apparent
> forward progress of the packet. What does this
> mean??
It means that the router is grossly misconfigured. Last time I saw a problem
like that, it turned out that a run of fiber was cut. The time before that?
Reconfigured with a direct lightning hit.
> So it would seem my packets left austin, went to houston,
> bounced around the country for a while, and
> finally came back to austin via houston. (Is that
> why my internet provider charges those fees?)
Typical. The Internet is not geographically-based. For example, a trip of
about 4 inches between two machines in my office goes through Des Moines,
Kansas City, Willow Springs, Denver, back to Des Moines, and to my other
machine.
> Seriously, though -- should I assume that someone
> has a packet sniffer installed on one of these
> machines, and is listening to everything I say?
It's always possible. If anything, the packets not getting to your destination
lessens the possibility slightly.
> Should I be worried for any reason? Should I be
> disabling something in my kernel? Is this what
> happens when you don't ignore ICMP redirect messages?
I get it here. Lots of weird errors in syslog.
Sep 17 12:08:41 crasher2 icmpinfo: ICMP_Dest_Unreachable[--Sub-Type-OUT-OF-RANGE--] < 128.241.4.162 [DELL-S0.SESQUI.NET] > 143.166.213.152 sp=47818 dp=33478 seq=0x00140000 sz=36(+20)
Sep 17 12:08:44 crasher2 kernel: ICMP: 143.166.213.152: Source Route Failed.
Nothing looks excessively nasty, since (I may [and probably am] be wrong)
the Source Route Failed message seems to come from 143.166.213.152, the broked
router. At least it wasn't misconfigured with a stray lightning bolt.
--
---Ryan Tucker ttgcitn.com owner
--rtucker@ttgcitn.com nether.net irc administrator
-http://www.netins.net/showcase/rtucker netins.net user development group
NetINS 28.8kb/sec 1-800 dialup -- 15 cents a minute -- 1-800-546-6587