loose source routed IP packets
christophstrizik_at_yahoo.com.au
Date: 02/25/04
- Previous message: Manning, Michael: "RE: which os version"
- Next in thread: Don Parker: "Re: loose source routed IP packets"
- Maybe reply: Don Parker: "Re: loose source routed IP packets"
- Maybe reply: Chris.McNab_at_trustmatta.com: "Re: loose source routed IP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Feb 2004 07:21:55 -0000 To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is)
Dear fellows
During one of my pen-tests I encountered the following vulnerability:
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.
Risk factor : Low
Nessus ID : 11834
\\\\\\\\\\\\\\\\\\\\\\\\\\\\
I think there is some sort of filtering device between the source and destination host. I also suspect that the filtering device just drops the packets and the nessus plug-in assumes the packet could be successfully delivered. Anybody any hints on that one?
Kind regards,
Christoph
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Manning, Michael: "RE: which os version"
- Next in thread: Don Parker: "Re: loose source routed IP packets"
- Maybe reply: Don Parker: "Re: loose source routed IP packets"
- Maybe reply: Chris.McNab_at_trustmatta.com: "Re: loose source routed IP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
