07-16-2014 08:51 AM - edited 03-10-2019 12:15 AM
Please let me know what IP source route is and why it is disabled for security purposes.
Thanks in advance
07-16-2014 09:51 AM
It's information in an IP header that allows the source host to dictate the path the packet uses to get to the destination rather than leaving the path to be determined by intermediate gateways. This could allow a source to go around security devices that are typically in the path between source and destination.
07-17-2014 04:46 AM
Thanks for your reply
07-16-2014 10:55 AM
Hello Nitin,
Cisco routers normally accept and process source routes. Unless a network depends on it, source routing should be disabled. Source routing is a technique whereby the sender of a packet can specify the route that a packet should take through the network. As a packet travels through the network, each router will examine the destination IP address and choose the next hop to forward the packet to. In source routing, the "source" (i.e., the sender) makes some or all of these decisions.
Reason for disabling: Attackers can use source routing to probe the network by forcing packets into specific parts of the network. Using source routing, an attacker can collect information about a network's topology, or other information that could be useful in performing an attack. During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions.
Remedy: Use the 'no ip source-route' command to disable IP source routing on the router. Refer to your router documentation for specific instructions.
Regards,
Mohit
07-17-2014 04:46 AM
Thanks Mohit, for explaining this topic in such a good way. :-)
08-13-2020 09:53 AM
Very informative response!
09-14-2020 12:32 AM
How to do this on C1000-24T-4G-L, Version 15.2(7r)E? There is no "no ip source-route" option...
Greetings in advance..
09-17-2020 11:57 AM
I was not aware that the ip source-route command was not available in the C1000. But if it is not then I am not very surprised. source-route is an issue from MANY years ago. It has been disabled by default for a long time. Looks like Cisco has eliminated a command that is not relevant to our networking environment. My advice is to not worry about how to implement it.