
35 What is source routed traffic and why is it a threat? (Various Attacks - Firewalls)


This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.


Normally, the route a packet takes from its source to its destination is
determined by the routers between the source and destination. The packet
itself only says where it wants to go (the destination address), and nothing
about how it expects to get there.

A sender (the source) can optionally include information in the packet that
specifies the route the packet should take to reach its destination; hence
the name "source routing". For a firewall, source routing is noteworthy
because an attacker can generate traffic claiming to be from a system
"inside" the firewall. In general, such traffic wouldn't route to the
firewall properly, but with the source routing option, all the routers
between the attacker's machine and the target will return traffic along the
reverse path of the source route. Implementing such an attack is quite easy,
so firewall builders should not discount it as unlikely to happen.

In practice, source routing is rarely used. Its main legitimate uses are
debugging network problems and routing traffic over specific links for
congestion control in specialized situations. When building a firewall,
source routing should be blocked at some point. Most commercial routers can
block source routing specifically, and many versions of Unix that might be
used to build firewall bastion hosts can disable or ignore source routed
traffic.
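
As an added illustration of what "blocking source routing" has to recognize (this code is not part of the FAQ), the sketch below walks the IPv4 header options and reports a loose or strict source route option. The option type values 131 and 137 come from RFC 791; the sample headers, the function names and the drop-on-malformed policy are assumptions made for this example.

```python
import ipaddress

EOL, NOP = 0, 1                            # single-byte option types (RFC 791)
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source route

# Constructed sample headers (documentation addresses, checksum left zero).
SAMPLE_PLAIN = bytes.fromhex("45000014 00000000 40060000 c000020a c6336401")
SAMPLE_LSRR = bytes.fromhex(
    "48000020 00000000 40060000 c000020a c6336401"   # IHL = 8 words
    "830b04cb 007101cb 00710200")                    # LSRR, 2 hops, EOL pad


def find_source_route(packet: bytes):
    """Return (kind, hops) for a source-route option, None if absent."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("bad option length")
        length = opts[i + 1]
        if kind in SOURCE_ROUTE:
            # Layout: type, length, pointer, then 4-byte hop addresses.
            data = opts[i + 3:i + length]
            if length < 3 or len(data) % 4:
                raise ValueError("bad source-route option")
            hops = [str(ipaddress.IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data), 4)]
            return SOURCE_ROUTE[kind], hops
        i += length
    return None


def should_drop(packet: bytes) -> bool:
    """Filter policy assumed here: drop source-routed or malformed headers."""
    try:
        return find_source_route(packet) is not None
    except ValueError:
        return True
```
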

 
