[Dshield] d-link router and security
josh at raintreeinc.com
Sat Jan 3 05:40:22 GMT 2004
Well, I'm not an expert at loose source routing by any means (I just heard
of it today ... thanks Chris! Shows just how much of my copy of TCP/IP
Illustrated I've managed to read so far...) but I couldn't get my d-link to
let packets through like that. Nor, for that matter, a router at work, nor
any of the windows servers at work, so I'm really not sure I did it right.
But I'll keep trying...
From: Chris Brenton
To: General DShield Discussion List
Sent: 1/2/2004 4:50 PM
Subject: RE: [Dshield] d-link router and security
On Fri, 2004-01-02 at 15:43, Steve wrote:
> What is the syntax used to do this I'm interested in this..
> I know the ping "ip" -j host-list - but what is "host-list"
Ya its pretty cool stuff. ;-)
I prefer to use hping to generate them raw, but if memory serves its
just a space separated list. something like:
ping -j 188.8.131.52 184.108.40.206 220.127.116.11 192.168.1.10
So this command would bounce the echo-request off of 18.104.22.168, then
22.214.171.124, then 126.96.36.199, before heading to 192.168.1.10. If the host at
192.168.1.10 also support loose source routing, the reply follows the
same path back to the original source.
This is one of the reasons why an external IP should never be considered
trusted without some form of authentication. If you where to sniff the
packet on the 192.168.1.0/24 network, the source IP within bytes 12-15
of the IP header would be 188.8.131.52 (all the other addresses are stored
after byte 19). So if 184.108.40.206 was an external "trusted" IP, a
firewall would think this host originated the packet when in fact its
actually coming from some other host. I've worked my way in this way
doing pen testing in the past and even saw a host get whacked this way.
Have fun and play nice! :-)
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list