[Dshield] d-link router and security

Josh Tolley josh at raintreeinc.com
Sat Jan 3 05:40:22 GMT 2004


Well, I'm not an expert at loose source routing by any means (I just heard
of it today ... thanks Chris! Shows just how much of my copy of TCP/IP
Illustrated I've managed to read so far...) but I couldn't get my D-Link to
let packets through like that. Nor, for that matter, a router at work, nor
any of the Windows servers at work, so I'm really not sure I did it right.
But I'll keep trying...

-----Original Message-----
From: Chris Brenton
To: General DShield Discussion List
Sent: 1/2/2004 4:50 PM
Subject: RE: [Dshield] d-link router and security

On Fri, 2004-01-02 at 15:43, Steve wrote:
> Chris,
> 
> What is the syntax used to do this? I'm interested in this.
> 
> I know the ping "ip" -j host-list - but what is "host-list"?

Ya it's pretty cool stuff. ;-)

I prefer to use hping to generate them raw, but if memory serves it's
just a space-separated list. Something like:

ping -j 1.2.3.4 5.6.7.8 9.10.11.12 192.168.1.10

So this command would bounce the echo-request off of 1.2.3.4, then
5.6.7.8, then 9.10.11.12, before heading to 192.168.1.10. If the host at
192.168.1.10 also supports loose source routing, the reply follows the
same path back to the original source.

This is one of the reasons why an external IP should never be considered
trusted without some form of authentication. If you were to sniff the
packet on the 192.168.1.0/24 network, the source IP within bytes 12-15
of the IP header would be 9.10.11.12 (all the other addresses are stored
after byte 19). So if 9.10.11.12 was an external "trusted" IP, a
firewall would think this host originated the packet when in fact it's
actually coming from some other host. I've worked my way in this way
doing pen testing in the past and even saw a host get whacked this way.

Have fun and play nice! :-)
C
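
A detection-side view of the packets discussed above, as an added example that is not part of the original thread: it parses a raw IPv4 header, reads the source address from bytes 12-15, and reports any loose or strict source route option carried after byte 19. The function names, the 10.0.0.5 source address and the sample header are constructed for illustration; the option type numbers (131 and 137) are from RFC 791.

```python
import socket
import struct

EOOL, NOP, LSRR, SSRR = 0, 1, 131, 137  # IPv4 option types (RFC 791)

def find_source_route(packet: bytes):
    """Return (src, option_name, pointer, route) for the first source-route
    option in an IPv4 header, or None. Raises ValueError on a malformed header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    src = socket.inet_ntoa(packet[12:16])     # bytes 12-15: source address
    opts = packet[20:ihl]                     # options begin after byte 19
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOOL:                      # end of option list
            break
        if kind == NOP:                       # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("bad source-route option")
            data = opts[i + 3:i + length]     # route data: 4 bytes per hop
            route = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data), 4)]
            return src, "LSRR" if kind == LSRR else "SSRR", opts[i + 2], route
        i += length
    return None

def build_header(hops, src="10.0.0.5", dst="192.168.1.10"):
    """Constructed sample: an ICMP-protocol IPv4 header (checksum left at 0),
    with an LSRR option listing `hops` when any are given."""
    opts = b""
    if hops:  # NOP + type + length + pointer keeps the header 4-byte aligned
        opts = bytes([NOP, LSRR, 3 + 4 * len(hops), 4])
        opts += b"".join(socket.inet_aton(h) for h in hops)
    ihl = 20 + len(opts)
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl, 0, 0, 64, 1, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + opts

if __name__ == "__main__":
    print(find_source_route(build_header(["1.2.3.4", "5.6.7.8", "9.10.11.12"])))
```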

