[Dshield] d-link router and security
josh at raintreeinc.com
Sat Jan 3 05:40:22 GMT 2004
Well, I'm not an expert at loose source routing by any means (I just heard
of it today ... thanks Chris! Shows just how much of my copy of TCP/IP
Illustrated I've managed to read so far...) but I couldn't get my d-link to
let packets through like that. Nor, for that matter, a router at work, nor
any of the windows servers at work, so I'm really not sure I did it right.
But I'll keep trying...
From: Chris Brenton
To: General DShield Discussion List
Sent: 1/2/2004 4:50 PM
Subject: RE: [Dshield] d-link router and security
On Fri, 2004-01-02 at 15:43, Steve wrote:
> What is the syntax used to do this I'm interested in this..
> I know the ping "ip" -j host-list - but what is "host-list"
Ya its pretty cool stuff. ;-)
I prefer to use hping to generate them raw, but if memory serves its
just a space separated list. something like:
ping -j 22.214.171.124 126.96.36.199 188.8.131.52 192.168.1.10
So this command would bounce the echo-request off of 184.108.40.206, then
220.127.116.11, then 18.104.22.168, before heading to 192.168.1.10. If the host at
192.168.1.10 also support loose source routing, the reply follows the
same path back to the original source.
This is one of the reasons why an external IP should never be considered
trusted without some form of authentication. If you where to sniff the
packet on the 192.168.1.0/24 network, the source IP within bytes 12-15
of the IP header would be 22.214.171.124 (all the other addresses are stored
after byte 19). So if 126.96.36.199 was an external "trusted" IP, a
firewall would think this host originated the packet when in fact its
actually coming from some other host. I've worked my way in this way
doing pen testing in the past and even saw a host get whacked this way.
Have fun and play nice! :-)
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list