OK, time to clear some smoke:

The IP protocol was designed a long, long time ago (September 1981 according to the RFC: http://www.ietf.org/rfc/rfc0791.txt), and has several archaic features that were probably considered "cool" at that time.

Source routing divides into two features:

Loose Source Routing - means you set "Loose Source Routing" and add 1 to 8 IPs in the IP options. The reason you can only use 8 hops is due to IP header size limitations. Your IP packet will travel to the first IP first, and then to the second IP and so on until it has traveled through all the IPs you defined, and then it will head toward the Destination. See traceroute -g.

Strict Source Routing - is quite the same, only it means setting a different flag, and that the packet _must_ travel through _only_ the hops you wrote. Since you can only specify 8 hops this option is of little use nowadays.

Another relevant option is "Record Route" - another flag needs to be set in the header, and every hop the packet goes through will write its IP in the header, hence you can get traceroute-like capabilities with one packet. -R to ping will do that for you.

How do I attack a machine/network with this?
Suppose you have a stupid firewall with LAN and DMZ, you _might_ be able to pose as the DMZ if you send a packet to the LAN with the IP of a DMZ server in Loose Source Routing mode.

Real Life?
All these options are deprecated. Any good firewall should drop packets with these flags, and any such packet should be treated like an attack by an IDS. There are lots of TCP/IP implementations out there that don't support that, and many routers that just drop that.

Since you've sucked your target's SNMP data, why don't you look for more lenient weaknesses?

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems

> Vladimir Parkhaev wrote:
> >
> > I am doing a vulnerability assessment for one of our clients. One
> > of their boxes is a multihomed Solaris server with ipforwarding enabled.
> > IP addresses are available via snmp with default community string.
> >
> > I tried to use this box as a gateway to internal network coming
> > from the Internet without success. I also looked at source
> > routing but did not find any tools (Net::RawIP does not seem
> > to support IP options).
> >
> > Does anybody know how I can use this box to do routing for me?
> >
> > Thanks.
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 12:08:21 PDT
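
Added example, not part of the original post: the check a firewall or IDS would apply to the options described in the reply, written as a Python parser that walks the IPv4 options field and reports Record Route, Loose Source Routing and Strict Source Routing (option types 7, 131 and 137 in RFC 791). The function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

# Option type values defined in RFC 791.
ROUTE_OPTIONS = {7: "Record Route", 131: "Loose Source Routing",
                 137: "Strict Source Routing"}

def find_route_options(packet: bytes):
    """Return [(name, pointer, [ip, ...])] for each route option in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    opts, found, i = packet[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind in ROUTE_OPTIONS:
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed route option")
            addrs = [socket.inet_ntoa(opts[a:a + 4])
                     for a in range(i + 3, i + length, 4)]
            found.append((ROUTE_OPTIONS[kind], opts[i + 2], addrs))
        i += length
    return found

def build_sample(option_type, hops):
    """Constructed IPv4 header with one route option (checksum left at zero)."""
    opt = bytes([option_type, 3 + 4 * len(hops), 4])
    opt += b"".join(socket.inet_aton(h) for h in hops)
    opt += b"\x00" * (-len(opt) % 4)       # pad to a 32-bit boundary
    ihl = (20 + len(opt)) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(opt), 0, 0,
                       64, 1, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20")) + opt

if __name__ == "__main__":
    pkt = build_sample(131, ["203.0.113.1", "203.0.113.2"])
    for name, pointer, addrs in find_route_options(pkt):
        print(f"ALERT {name}: pointer={pointer} hops={addrs}")
```
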