Re: Tool for source routing

From: Andrew Brown (atatatat_private)
Date: Sun Jun 03 2001 - 20:03:56 PDT

    >> Can anyone suggest a good tool to perform ip addr spoofing via source routing?
    >
    >You generally use source routing in an attack to get to an address you
    >couldn't otherwise (for example, RFC1918 addresses.)
    
    bsd4.4's telnet, for example, does it.  all you need to do is add a
    little c code to do the binding.  the actual source route setup it
    will already do itself.
    
    >> That is, it should replace the source addr with a spoofed one, and add the
    >> real one as a source route.
    >
    >That implies that you're trying to spoof your source address, and get the
    >victim machine to source-route back [to|through] the real attacker IP.
    >It doesn't work that way.  Only the originator of a packet gets to specify
    >that source routing is on.  I know of no way to force a victim to use
    >source routing.
    
    right, so you originate a packet that has source routing on and hope
    that between you and the target no one is filtering source routed
    packets.  also hope that the target is handling source routed packets.
    most machines (five years ago, at least) would happily respond to a
    source routed tcp packet with a source routed tcp packet.
    
    >> It must also forward the received packets,
    >> since their dest addr will be the spoofed one.
    >>
    >> It should ideally be able to sit in between other apps, both ones that use
    >> connect() and ones that use raw sockets, and modify the IP packets to
    >> source route.  This would allow use of preexisting tools without
    >> rewrite/recompilation.
    >
    >Any router or bridge along the way could do that, if you had total control
    >over it... but I think the basic premise of what you're trying to do is
    >off.
    
    not really...but total control of a router in between would certainly
    make it easier.
    
    -- 
    |-----< "CODE WARRIOR" >-----|
    codewarriorat_private             * "ah!  i see you have the internet
    twofsonetat_private (Andrew Brown)                that goes *ping*!"
    andrewat_private       * "information is power -- share the wealth."
    
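The reply's caveat is the defender's lever: the technique only works if nothing between the originator and the target drops source-routed packets and the target still honours them. As an added example that is not part of the thread, the Python below walks the IPv4 option list and reports any LSRR/SSRR option (or a malformed option list) so a filter or sensor can drop and log such packets; build_ipv4 and the addresses used with it are constructed test data, not captured traffic.

```python
import socket
import struct
from dataclasses import dataclass, field
from typing import List, Optional

LSRR = 0x83  # Loose Source and Record Route option type (RFC 791)
SSRR = 0x89  # Strict Source and Record Route option type (RFC 791)


@dataclass
class SourceRoute:
    kind: str                  # "LSRR", "SSRR" or "MALFORMED"
    pointer: int = 0           # option pointer: offset of the next hop to use
    hops: List[str] = field(default_factory=list)


def find_source_route(packet: bytes) -> Optional[SourceRoute]:
    """Walk the IPv4 option list; return the source-route option if present."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        typ = opts[i]
        if typ == 0:                       # End of Option List
            break
        if typ == 1:                       # No Operation: single byte, no length
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            return SourceRoute("MALFORMED")  # option claims more bytes than exist
        if typ in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                return SourceRoute("MALFORMED")  # route list is not whole addresses
            body = opts[i + 3:i + length]
            hops = [socket.inet_ntoa(body[j:j + 4]) for j in range(0, len(body), 4)]
            return SourceRoute("LSRR" if typ == LSRR else "SSRR", opts[i + 2], hops)
        i += length                        # skip any other option (e.g. Record Route)
    return None


def drop_source_routed(packet: bytes) -> bool:
    """Filter policy: drop anything carrying a source route or a broken option list."""
    return find_source_route(packet) is not None


def build_ipv4(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed test header (no payload); options are padded to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0,
                        64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options
```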



    This archive was generated by hypermail 2b30 : Sun Jun 03 2001 - 23:09:39 PDT