Source Routing

Source routing is an option set within the IP packet that allows someone to select a specific or approximate path for a packet to follow in order for it to reach its destination.

This option overrides the router's chosen paths. If a firewall or boundary host has this option turned on, packets with source routing enabled bypass the rules set up by the firewall. The scanner sets the source route option within the TCP packets and attempts to route them through the boundary host in an effort to compromise it. If this is possible, an intruder can use the same technique to access and subvert the network beyond the logical boundary. If a machine within the set of scanner targets can be seen, it will appear on the report and prove the vulnerability.

Risk: Medium

Fix: Reconfigure the boundary host/packet filter to drop packets with the source route option set.