Subject: Re: question about ipf "fastroute"
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Seth Kurtzberg <firstname.lastname@example.org>
Date: 02/13/2003 15:25:53
I'm sure your interpretation of the question is correct. I was just asking
whether you thought the logic applied to source routing (as in ICMP, which
uses the options you note below) applied in this situation. If I understand
your reply, the answer is no, they are not comparable situations.
On Thursday 13 February 2003 03:11 pm, der Mouse wrote:
> >>> I want to do source address based routing for some particular IPs.
> >> I have a pseudo-interface driver that does exactly this: [...]
> > Do you consider this a security issue?
> > I know that in general source routing is frowned about by security
> > folks, but I'm not sure if that applies to this situation.
> As I understand it it does not.
> My understanding is that "source routing" as it is used in the contexts
> in which it is (as you say) frowned upon does not refer to routing
> based on ip_src, which is what's under discussion here, but rather to
> obeying SSRR and LSRR IP options. The latter is completely orthogonal
> to the type of routing I was talking about. (And, unless I
> misunderstood, what the original poster was talking about.)
> /~\ The ASCII der Mouse
> \ / Ribbon Campaign
> X Against HTML email@example.com
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
M. I. S. Corp.