[Dshield] d-link router and security
cbrenton at chrisbrenton.org
Sat Jan 3 00:50:14 GMT 2004
On Fri, 2004-01-02 at 15:43, Steve wrote:
> What is the syntax used to do this I'm interested in this..
> I know the ping "ip" -j host-list - but what is "host-list"
Ya its pretty cool stuff. ;-)
I prefer to use hping to generate them raw, but if memory serves its
just a space separated list. something like:
ping -j 184.108.40.206 220.127.116.11 18.104.22.168 192.168.1.10
So this command would bounce the echo-request off of 22.214.171.124, then
126.96.36.199, then 188.8.131.52, before heading to 192.168.1.10. If the host at
192.168.1.10 also support loose source routing, the reply follows the
same path back to the original source.
This is one of the reasons why an external IP should never be considered
trusted without some form of authentication. If you where to sniff the
packet on the 192.168.1.0/24 network, the source IP within bytes 12-15
of the IP header would be 184.108.40.206 (all the other addresses are stored
after byte 19). So if 220.127.116.11 was an external "trusted" IP, a
firewall would think this host originated the packet when in fact its
actually coming from some other host. I've worked my way in this way
doing pen testing in the past and even saw a host get whacked this way.
Have fun and play nice! :-)
More information about the list