COMMAND

    Source Routing Vulnerability

SYSTEMS AFFECTED

    Any machine or firewall with Source Routing NOT turned off

PROBLEM

    Source routing is an option in the IP packet header that allows
    the sender to specify a specific (strict) or approximate (loose)
    path for a packet to follow in order to reach its destination.
    This option overrides the paths chosen by the routers that the
    packet is passing through.

    If a firewall does NOT have this option turned off then a packet
    with source routing enabled will totally bypass all of the rules
    set up by the firewall.  In essence, the firewall might as well
    not even be there.  Additionally, packets can be forced through
    certain paths to a destination.  Say the ONLY way to point A
    from point C is through point B.  This is done for security
    purposes, so that only people going through (or with access to)
    point B can get to point A.  All other paths coming from C are
    routed through alternative means.  A source routed packet would
    bypass these rules and can be FORCED to point B and then on to
    point A if the source routing option is turned on on the machines
    in between.

SOLUTION

    On  a  proxy  server  -  turn  off  source routing!  On the packet
    filter - Drop all incoming packets with the source routing  option
    on  (and  then  log  this).   On  all  other  machines  that could
    normally source route, turn it off.
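
    The packet-filter rule above, as an added example that is not part
    of the original advisory: a Python check that walks the IPv4 header
    options and marks the loose (type 131) and strict (type 137) source
    route options of RFC 791 for drop-and-log.  The function names and
    sample packets are constructed for illustration.

```python
import struct

# IPv4 option type bytes for source routing (RFC 791).
SOURCE_ROUTE = {131: "LSRR (loose)", 137: "SSRR (strict)"}


def check_packet(packet: bytes):
    """Return (verdict, reason) for a raw IPv4 packet: "drop" or "pass"."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not an IPv4 header"
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or ihl > len(packet):
        return "drop", "bad header length"
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # End of Option List
            break
        if kind == 1:                         # No-Operation, single byte
            i += 1
            continue
        # All other options are type, length, data; length covers all three.
        if i + 1 >= len(opts):
            return "drop", "malformed option"
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return "drop", "malformed option"
        if kind in SOURCE_ROUTE:
            route = opts[i + 3:i + length]    # skip type, length, pointer
            hops = [".".join(map(str, route[j:j + 4]))
                    for j in range(0, len(route) - 3, 4)]
            return "drop", f"{SOURCE_ROUTE[kind]} via {', '.join(hops)}"
        i += length
    return "pass", "no source-route option"


def build_header(options: bytes = b"") -> bytes:
    """Constructed test input: IPv4 header (checksum left 0) plus options."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 0, 0, 64, 6,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options


# Constructed sample: loose source route through two documentation addresses.
LSRR = bytes([131, 11, 4, 203, 0, 113, 1, 203, 0, 113, 2])

if __name__ == "__main__":
    for name, pkt in [("plain", build_header()), ("lsrr", build_header(LSRR))]:
        print(name, *check_packet(pkt))       # log line a filter would emit
```

    Packets with a malformed option area are also dropped, since a
    filter that cannot parse the options cannot rule out a source route.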