4 Various Attacks
4.1 What is source routed traffic and why is it a threat?

Normally, the route a packet takes from its source to its destination is determined by the routers between the source and destination. The packet itself only says where it wants to go (the destination address), and nothing about how it expects to get there.

There is an optional way for the sender of a packet (the source) to include information in the packet that tells the route the packet should take to get to its destination; thus the name "source routing". For a firewall, source routing is noteworthy, since an attacker can generate traffic claiming to be from a system "inside" the firewall. In general, such traffic wouldn't route to the firewall properly, but with the source routing option, all the routers between the attacker's machine and the target will return traffic along the reverse path of the source route. Implementing such an attack is quite easy, so firewall builders should not discount it as unlikely to happen.

In practice, source routing is very little used. In fact, generally the main legitimate use is in debugging network problems or routing traffic over specific links for congestion control in specialized situations. When building a firewall, source routing should be blocked at some point. Most commercial routers incorporate the ability to block source routing specifically, and many versions of Unix that might be used to build firewall bastion hosts have the ability to disable or ignore source routed traffic.
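As an added example (not part of the FAQ), the check a filtering host performs before dropping source routed traffic: walk the IPv4 option list and report whether the header carries a Loose (type 131) or Strict (type 137) Source and Record Route option as defined in RFC 791. The packet builder and the addresses in the test are constructed here for illustration.

```python
import ipaddress
import struct

# IPv4 option type codes from RFC 791 (copy bit | class | number).
OPT_EOL, OPT_NOP = 0, 1
OPT_LSRR, OPT_SSRR = 131, 137  # loose / strict source and record route


def source_route(packet: bytes):
    """Return ("loose"|"strict", [hop addresses]) if the IPv4 header carries
    a source-route option, else None. Raises ValueError on a malformed header,
    which a filter should also treat as a drop."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        t = opts[i]
        if t == OPT_EOL:
            break
        if t == OPT_NOP:          # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if t in (OPT_LSRR, OPT_SSRR):
            data = opts[i + 3:i + length]   # byte 2 is the pointer; hops follow
            if len(data) % 4:
                raise ValueError("route data not a multiple of 4 bytes")
            hops = [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]
            return ("strict" if t == OPT_SSRR else "loose", hops)
        i += length
    return None


def build_packet(src, dst, options=b""):
    """Constructed sample: minimal IPv4 header with padded options, no payload."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + options


def lsrr_option(hops):
    """Constructed LSRR option: type, length, pointer (4 = first hop), hop list."""
    data = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([OPT_LSRR, 3 + len(data), 4]) + data
```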
Vesaria, LLC

© 2000 - 2012 Vesaria Network Security Specialists