what is source-routing?

m.matteson
Level 2

Could someone explain to me what source routing is? A Cisco security whitepaper suggested I shut that off on my interfaces. I'm curious as to why. Also, they mentioned no ip directed-broadcast. Thanks.

Accepted Solutions

wkumari
Level 1

Source routing (specified in RFC 791 I believe) is where you specify the route that packets take through the network. There are options in the IP header (Option 3?) that can be set to specify the routers that a packet should pass through on the way to its destination. There are 2 modes of source-routing, loose and strict. Loose specifies that the packet should pass through the listed hops, strict specifies the exact path on a hop-by-hop basis. This means that someone can force their traffic to take a specific path through your network, possibly bypassing various security stuff. There are very few "legitimate" uses for source routing, the main one being ensuring that people at exchange points are sticking to their agreements...

IP Directed broadcast lets you ping the broadcast address on an interface. This is used in many amplifier attacks (See Smurf for an example). If you have a large, flat network and you have ip directed broadcast on, someone could spoof a ping to the broadcast address on your network. All of the machines on that network would reply to the (spoofed) source, possibly causing a DoS.

-Warren.

* Source routing in the token ring world is something similar but different...


4 Replies

jzoschke
Level 1

Hi,

Default routing setting is dynamic. There is no fixed path from source to destination. If you want to provide a specific path from src to dest you can use source routing. (loose or strict)

Jjuergen


  • Source routing is a feature of the IP protocol which allows the sender of a packet to specify which route the packet takes on the way to its destination (and on the way back).
  • Source routing was originally designed to be used when a host did not have proper default routes in its routing table.
  • However, source routing is rarely used for legitimate purposes nowadays.
  • Attackers can abuse source routing to bypass firewalls or to map your network.

". . . ( and on the way back)."

Are you sure? In the (distant) past, I've occasionally (and rarely) used IP source routing for some network testing purposes, but don't recall (?) it being used for the return packets.

"However, source routing is rarely used for legitimate purposes nowadays"

Likely true. First, many, I suspect, don't know how to use it for good purpose, and those purposes are also rare.

"Attackers can abuse source routing to bypass firewalls or to map your network."

IMO, if you can use it to bypass security and you're really worried about it being used to map your network, your security stance might need review.

Possibly a good "bad" use example of source routing would be to choose a "better" path than that that traffic should be using.
