[370] in linux-security and linux-alert archive
Re: source routing
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Sep 19 15:04:01 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: linas@teleportal.com (Linas Vepstas)
Date: Tue, 19 Sep 1995 12:07:07 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu, linas@teleportal.com
In-Reply-To: <199509161957.OAA06873@teleportal.com> from "Linas Vepstas" at Sep 16, 95 02:57:36 pm
> kernel: ICMP: 143.166.213.152: Source Route Failed
>
> Why? what do these messages mean?
>
> I did a traceroute 143.166.213.152 and note that
> traceroute starts reporting an "infinite loop" at
> some point (typically 20 or more hops away). By
> "infinite loop" I mean that the same router starts
> showing up over and over again, with no appearent
> forward progress of the packet. What does this
> mean??
It probably means someone is adding source routing
options to your packets which is a bit naughty but
sometimes done to mend certain routing awkwardnesses
> So it would seem my packets left austin, went to houston,
> bounced around the country for a while, and
> finally came back to austin via houston. (Is that
> why my internet provider charges those fees?)
The internet routing is a mix of political, topological
and historical policies, often cross provider routers
go stupid ways. When links start dying you may see
very strange routes followed by a failure.
> Seriously, though -- should I assume that someone
> has a packet sniffer installed on one of these
> machines, and is listening to everything I say?
> Should I be worried for any reason? Should I be
> disabling something in my kernel? Is this what
It doesnt indicate anyone is up to anything. You should however
assume that anything you type across an internet link may be
being sniffed. If that worries you use tools like SSLtelnet
which are the internet equivalent of using a sealed envelope
not a postcard.
Alan
