Firewalls: Source Routing and Disabling

Firewalls
(January 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Source Routing and Disabling
From:	Ray Hooker <rayhook @ ibm . net>
Date:	Tue, 2 Jan 1996 12:01:32 -0500
To:	"'Firewall Mailing List'" <firewalls @ Greatcircle . com>

I know certain things about source routing:
  - Stated purpose (see RFC 791) was to allow the specification of routing
    information to be used by gateways.
  - I know how to code source routed packets under UNIX (or Linux).
  - They can be used in attacking TCP/IP hosts (see IPEXT paper on
    weaknesses in the TCP/IP protocol.
  - Microsoft's tracert module purportedly has an option to use 
    loose source-routing to debug network problems (this is their
    version of traceroute).
  - Some networks configure their routers to reject source-routed packets.
  - Firewalls should reject source-routed packets.
What I am curious about is what functions or applications, if any, commonly use source-routing.  I haven't noticed any Telnet clients that, for example, could specify a loose source-routing to contact a particular host.  I have searched the Comer series on Internetworking with TCP/IP and other references, but see little information on actual usage.

Ray Hooker, rayhook @
 ibm .
 net
Secure I/T Inc.
1-919-544-4565

Follow-Ups:

Re: Source Routing and Disabling
From: JOSE LUIS VERDEGUER NAVARRO <a01056 @ eps . ua . es>

Indexed By Date	Previous:	Re: Type enforcement vs chroot and buffers From: peter @ nmti . com (Peter da Silva)
Indexed By Date	Next:	ipx-bridging & ip-routing From: Pablo <pablo @ smartlink . net>
Indexed By Thread	Previous:	Where to find Endorsed Product List From: gaus @ znanost . hr (Damir Rajnovic)
Indexed By Thread	Next:	Re: Source Routing and Disabling From: JOSE LUIS VERDEGUER NAVARRO <a01056 @ eps . ua . es>