From: Oliver Enzmann (oliver@cosec.org)
Date: Thu May 08 2003 - 17:40:54 EDT
On Thursday 08 May 2003 21:46, R. DuFresne wrote:
> The main trouble you face is that while the tools and toys you are using
> might allow such 'loose source routing' the question and sticker might
> well be, "do the devices your specially crafted packets need to traverse
> also play the same game?"
It's an all Cisco network. Source routed packets should be forwarded fine if
the last known and reachable Cisco along the path is used as a hop for LSRR.
I doubt that source routing has been turned off using "no ip source-route"
in their configs. As for the endpoints, I don't know. They need to be
discovered first ;-)
> If those maintaining them have any salt to
> their meat, I'm betting they do not, and so your packets will only make
> it so far and then return information about route/host/service not found,
> etc.
Good point. I'll keep tcpdump logging all returned packets to a file.
With a bit of postprocessing, I should be able to find out where the packets
got stuck.
> You can toss packets at a device, buut, if the device is not
> configed to play nicely with those packets, all the mangling in the world
> will not get that device to pass em. Of course, the devices ment to be
> traversed could have OS flaws or HW issues that fail them 'open' if they
> are hit hard enough or with truely mangeled enough packets, but, not the
> thing one might wish to place bets upon
I'll have to play nicely. Kernel panics and BSODs are not an option.
Oliver
-- Unix is sexy: "unzip", "strip", "touch", "mount", "sleep". --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT