> I thought the source address in a source-routed packet actually
> reflected the originator? That is, if untrusted host Z routes a packet
> to a target A via trusted host B then the source address at A appears
> to be Z, not B. That certainly appeared to be the case when I tried
> source routing to one of our firewalls via the other from an untrusted
This is true. Source-routing alone does not give you the ability
to fake your address. So what's all the uproar about source-routing?
Well, there are two things... one is that sometimes firewalls are
set up that let you source route through them even if the access
control says you shouldn't be able to (oops). But the more interesting
thing (imho) is faking your source address. TCP requires a three-way
handshake to set up a connection. This means you need packets going
in both directions or it doesn't work (well, there's a way around this
which was found by rtm and later described by S. Bellovin). This
is where source-routing comes in. You send out a TCP packet with
a specified source route and the remote takes the source route, reverses
it and uses the opposite path! So any packets you send to it get
replies sent back to you. Normally if A got a packet "from" A it
would send a reply back to A and Z would never see it. With source
routing Z can say it is A and still receive return traffic.
Hope this helps.
> nreadwin @
uk Phone: +1 718 273 8234
> Anything is a cause for sorrow that my mind or body has made