4 Various Attacks
4.1 What is source routed traffic and why is it a threat?
Normally, the route a packet takes from its source to its destination
is determined by the routers between the source and destination. The
packet itself only says where it wants to go (the destination
address), and nothing about how it expects to get there.
There is an optional way for the sender of a packet (the source) to
include information in the packet that specifies the route the packet
should take to its destination; hence the name "source routing".
For a firewall, source routing is noteworthy because an attacker can
generate traffic claiming to be from a system "inside" the firewall.
In general, such traffic wouldn't route back to the attacker properly, but
with the source routing option, all the routers between the attacker's
machine and the target will return traffic along the reverse path of
the source route. Implementing such an attack is quite easy, so
firewall builders should not discount it as unlikely to happen.
In practice, source routing is rarely used. Its main legitimate uses
are debugging network problems and steering traffic over specific
links for congestion control in specialized situations. When building
a firewall, source routing should be blocked at some point. Most
commercial routers can block source-routed traffic specifically, and
many versions of Unix that might be used to build firewall bastion
hosts can disable or ignore source routed traffic.
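As an added illustration (not part of the FAQ), this is the check a packet-filtering host makes to enforce the advice above: walk the IPv4 option list and flag any header carrying the loose (LSRR, type 131) or strict (SSRR, type 137) source route option so it can be dropped. The sample headers and helper `build_ipv4_header` are constructed for the demo; the addresses are documentation/private ranges.

```python
import struct

IPOPT_EOL = 0     # end of option list (single byte)
IPOPT_NOP = 1     # no-op padding (single byte)
IPOPT_LSRR = 131  # loose source and record route
IPOPT_SSRR = 137  # strict source and record route
SOURCE_ROUTE_OPTIONS = {IPOPT_LSRR, IPOPT_SSRR}

def ipv4_options(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, data) pairs for every option in an IPv4 header.
    Raises ValueError on a truncated header or a malformed option list,
    which a filter should treat as a drop, not a pass."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("bad version or header length")
    opts, found, i = packet[20:ihl], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found

def has_source_route(packet: bytes) -> bool:
    """True if the header carries LSRR or SSRR, i.e. the packet should be dropped."""
    return any(kind in SOURCE_ROUTE_OPTIONS for kind, _ in ipv4_options(packet))

def build_ipv4_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed test helper: minimal IPv4 header (TCP, no checksum) with options."""
    options += b"\x00" * (-len(options) % 4)          # pad option list to 32-bit words
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return fixed + options

# Constructed samples: LSRR with pointer 4 and one hop (203.0.113.1), claiming an "inside" source
LSRR_OPTION = bytes([IPOPT_LSRR, 7, 4]) + bytes([203, 0, 113, 1])
SPOOFED = build_ipv4_header("10.0.0.5", "10.0.0.1", LSRR_OPTION)
NORMAL = build_ipv4_header("198.51.100.7", "10.0.0.1")
```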
Vesaria
3640 Fords Lane, Suite D
Baltimore, MD 21215
443 - 501 - 4044