[50779] in North American Network Operators' Group
[lamour@mail.argfrp.us.uu.net: Fwd: Re: If you have nothing to hide]
daemon@ATHENA.MIT.EDU (Todd MacDermid)
Thu Aug 8 18:19:31 2002
Date: Thu, 8 Aug 2002 18:14:22 -0400
From: Todd MacDermid <tmacd@synacklabs.net>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
In message <20020805225221.82473.qmail@sidehack.sat.gweep.net>, bdragon@gweep.net writes:
>
>I was not aware that responses to source-routed packets were themselves
>source-routed. I also don't believe it is the case, but am open to being
>contradicted. If the responses aren't source-routed, then the packets would
>only return through your network if your network was the path back to the
>spoofed source.
A friend of mine directed me to this thread. Source routed packets
can indeed be used to spoof IP connections, and I've written a tool
to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel
If you simply want to check host behaviour to see if you can spoof
connections, I've written a scanner at
http://www.synacklabs.net/projects/lsrscan
Short story is Solaris < 8 will reverse source routes by default, and
Windows boxes will reverse source routes by default. The BSDs and
Linuces I've tested mostly block source routed packets by default.
Todd