cpw%sneezy@LANL.GOV (C. Philip Wood) (01/31/89)
RFC 1009 states that it is important for gateways to implement both the Loose and Strict Source Route IP options (Page 13). Why? Hackers in the know have indicated that, with those tools, they can bypass IP address checks which various hosts have set up to attempt a source host access check.

Is it worth considering not honoring these options in a production environment such as MILNET and ARPANET? Or, could Hosts be required to have an operating system option which allows an administrator to signal that these packets be dropped?

What other ways are there to defend against this kind of internet spoofing? Are there other ways to spoof a source address in an Internet environment besides LSRR and SSRR?

Phil Wood, cpw@lanl.gov
CERF@A.ISI.EDU (02/01/89)
Phil,

Unless I'm badly mistaken, there isn't any guarantee that a non-source-routed internet packet has a valid source address. Of course, responses to such a spoofed packet may not make it back to the origin unless a cooperating gateway helps out, or the source is on an Ethernet and is operating in promiscuous mode.

I suggest that, if source authentication is an issue, you will need stronger tools/mechanisms than avoiding the use of source routing of either type.

The general problem of authentication in the Internet is very important, applies to many areas including, for example, various control methods (e.g. network management subsystems) and will probably require some form of cryptographic protection to solve. The cryptography need not be used to conceal information - merely to provide an unforgeable authentication of the source.

Vint Cerf