Great Circle Associates Firewalls
(June 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: source routing
From: "Doug Lakin" <lakind1 @ qmsmtpgw . mugu . navy . mil>
Date: 6 Jun 1994 14:37:21 U
To: "Brent Chapman" <brent @ GreatCircle . COM>
Cc: firewalls @ GreatCircle . COM
Priority: Urgent 
        Reply to:   RE>source routing 
tdolce @
 dino .
 leg .
 ca .
 gov (Tom Dolce) writes:

# I've heard that source routing is dangerous security-wise.  Can
# someone please explain what it is and why it's dangerous?  Thanks.

brent @
 GreatCircle .
 COM (Brent Chapman) writes:

>Source routing is not that dangerous in and of itself.  The problem
>is, some "routers" (generally UNIX machines with multiple interfaces,
>not dedicated boxes specificly designed to be routers) will always
>forward source-routed packets, even if IP forwarding (normal routing)
>is supposedly turned off.

I have also heard that some earlier router software suffered from the same
disease.  Could you summarize which UNIX OS and versions have the problem, as
well as any known patches?
Follow-Ups:
Indexed By Date Previous: Re: Where to get http(d)
From: anthony_starks @ merck . com (Anthony Starks)
Next: www-proxy mailing list information
From: altis @ ibeam . intel . com (Kevin Altis)
Indexed By Thread Previous: Re: source routing
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Next: Re: source routing
From: jsz @ ramon . bgu . ac . il
Google
 
Search Internet Search www.greatcircle.com