Re: loose source routed IP packets
From: Don Parker (dparker_at_rigelksecurity.com)
Date: 02/25/04
- Previous message: Scovetta, Michael V: "RE: manipulating query strings"
- Maybe in reply to: christophstrizik_at_yahoo.com.au: "loose source routed IP packets"
- Next in thread: Chris.McNab_at_trustmatta.com: "Re: loose source routed IP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Feb 2004 15:10:43 -0500 (EST) To: <christophstrizik@yahoo.com.au>, pen-test@securityfocus.com
Hi there, I am a little confused here actually. Is the operating system itself accepting
the lsrr packets? or is it the gateway router/firewall accepting it? I found last year
that all win32 tcp/ip stacks do accept lsrr packets by default *but* will only reverse
the first hop in that series. I raised this issue with MS Security last year and was
told it would be fixed in the next service pack. We shall see if they did. I am most
curious as to what o/s it is your talkign about here as most linux and unix installs
disallow lsrr packets by default.
Cheers!
Don
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
On Feb 25, <christophstrizik@yahoo.com.au> wrote:
Dear fellows
During one of my pen-tests I encountered the following vulnerability:
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
Solution : drop source routed packets on this host or on other ingress
routers or firewalls.
Risk factor : Low
Nessus ID : 11834
\\\\\\\\\\\\\\\\\\\\\\\\\\\\
I think there is some sort of filtering device between the source and destination host.
I also suspect that the filtering device just drops the packets and the nessus plug-in
assumes the packet could be successfully delivered. Anybody any hints on that one?
Kind regards,
Christoph
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Scovetta, Michael V: "RE: manipulating query strings"
- Maybe in reply to: christophstrizik_at_yahoo.com.au: "loose source routed IP packets"
- Next in thread: Chris.McNab_at_trustmatta.com: "Re: loose source routed IP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
