Subject: Re: illegal network routes and a ponderance
To: None <email@example.com>
From: Seth Kurtzberg <firstname.lastname@example.org>
Date: 02/19/2003 16:53:38
I wasn't implying that it is a good idea. :) I agree with der Mouse that it
is uncommon in recent equipment, but I see a lot of old routers still in use.
On Wednesday 19 February 2003 04:06 pm, der Mouse wrote:
> >> For better or worse, source routing is disabled in most routers for
> >> security reasons.
> Or rather, for illusion-of-security reasons. There's not that much
> software left that makes security decisions based on packets' source
> addresses, and such software has always been buggy.
> > What does it mean? They won't forward any packets with the source
> > route option, or just those whose loose-source-route option
> > explicitely mentions the router in question?
> Usually the former, I think, though I haven't investigated much.
> > The former would be bad.
> Yes, it is. It's like a lot of "security" decisions, breaking a useful
> facility to "protect" buggy software, rather than just fixing the
> stupid bugs in the first place.
> > I also believe that in IPv6 world you cannot just disable the Source
> > Routing feature (called Routing Header ) because it is necessary for
> > mobility (don't remember the details, but will look at it).
> That wouldn't stop some people. LSRR and SSRR were a useful feature of
> IPv4, but people didn't hesitate to break them in the name of security;
> I don't expect them to hesitate to break whatever the routing header
> supports in the name of security.
> /~\ The ASCII der Mouse
> \ / Ribbon Campaign
> X Against HTML email@example.com
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
M. I. S. Corp.