On Thu, 4 Aug 1994, Chris Patti { Feoh } wrote:
>
> This strikes me as being a bit on the scary side. Do we really want all the
> users of NetBSD telnet to have the ability to source route without so much
> as a recompile?
>
> Perhaps this is old news, and/or perhaps I've missed something, but the version
> that's running here allows source routing.
Um, I haven't had any experience with NetBSD, but I think you're missing an
important point, the version that is most likely included is probably similar
to a package already availible on the net which is a source-routable telnet
package. The thing is, there is a legitimate usage for source routing, hence
it's existance and the existance of telnet's like this. What makes this
package unharmful is that it does source routing the correct way; that is
if you are on host A you can connect to host D through hosts B and C..
(A->B->C->D) but host D will still know that you are comming through from
host A. Source routing attacks are usually done by being on host B and
saying you are merely passing along packets for host A... this cannot be
accomplished with the telnet package I believe you are referring to.
It's a simple matter to forward a packet saying it came from anywhere you
want by any route you want, but when the host you are sending packets to
replys it will try to respond to the real host and not your host; it
takes quite a bit of hacking to get your host to steal those replys as
they come in and keep them from being passed along to the correct host.
The easiest way to do this is with a package called VSR, which I believe
stands for Virtual Source Router, but don't quote me on that. What VSR
does is set up a virtual interface on your system (like le0) that steals
those responses and does all of the stuff it needs to do behind the
scenes. Only a select few have VSR and only a few more have the
knowledge it takes to duplicate it's work, so it is not a wide-spread threat.
-
John
Follow-Ups:
References:
|
|
