Darksat IT Security Forums
June 26, 2019, 03:52:33 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

Source Routing and spoofing source addresses


Pages: [1]
  Print  
Author Topic: Source Routing and spoofing source addresses  (Read 871 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: August 25, 2006, 06:48:10 am »

Bypassing firewalls with loose source routing is a rather effective way of bypassing security used by many hackers / crackers
Essentially the Ip address protocoll allows you to specify a specific hop on the way to or from a destination address.

eg send packet to Anthony from Mike but go via Bob's machine.
so for example if hacker X knows that access to a specific resource is limited to IP addresses inside a network he can spoff an IP address inside the network but use loose source routing to route the packet to his machine outside in order to gain access.

Many system admins still have loose source routing enabled in order for them to be able to check wheather specific machines on the network are up and running and are passing on requests, the problem often is that the firewalls will allow external packets through that claim to be originating from an internal machine.
The best defense against this is to set your firewall to reject any packets with loose source trace routing enabled.
Often however this technique is used to gain access to webservers which are normally facing the internat with no firewall.
eg, the attacker will spoof the ip 127.0.0.1 with loose source routing enabled back to his machine in the hopes of gaining access to the server.
So if you are running a webserver it is very important to make sure that you are protected against these types of attacks.

Report Spam   Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum

Buy traffic for your forum/website
Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.062 seconds with 10 queries.