Penetration Testing: Re: Tool for source routing

[Ryan Russell <ryan () securityfocus com>]

On Sun, 3 Jun 2001, Franklin DeMatto wrote:

> Can anyone suggest a good tool to perform ip addr spoofing via source routing?
You generally use source routing in an attack to get to an address you
couldn't otherwise (for example, RFC1918 addresses.)

> That is, it should replace the source addr with a spoofed one, and add the
> real one as a source route.
That implies that you're trying to spoof your source address, and get the
victim machine to source-route back [to|through] the real attacker IP.
It doesn't work that way.  Only the originator of a packet gets to specify
that source routing is on.  I know of no way to force a victim to use
source routing.

Or I'm misunderstanding your question..

> It must also forward the recieved packets,
> since their dest addr will be the spoofed one.
>
> It should ideally be able to sit in between other apps, both ones that use
> connect() and ones that use raw sockets, and modify the IP packets to
> source route.  This would allow use of preexisting tools without
> rewrite/recompilation.
Any router or bridge along the way could do that, if you had total control
over it... but I think the basic premise of what you're trying to do is
off.

                                                Ryan