Subject: Re: illegal network routes and a ponderance
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 02/21/2003 19:05:19
> thanks much for your interesting exploit :-)

:-)

>> A2, using T's address, connects to V, LSRR through A1.  Since the
>> reversed route is used for replies, when V responds, [...]
> Is reversing the route the responsibility of individual apps, or of
> the kernel?

For TCP, the kernel normally takes care of it (though I think that in
recent kernels - probably including anything NetBSDish - the
application can explicitly tell the kernel to _not_ source-route
outgoing traffic on the connection by some call on the socket).  For
UDP, the application has to deal with it, since there is no API for
associating outgoing traffic with previous incoming traffic.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
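
The TCP case described above, as an added example that is not part of the original message: a server checks an accepted socket for a reversed LSRR/SSRR route and tells the kernel to stop source-routing its replies. Assumptions: the call in question is a zero-length setsockopt(IP_OPTIONS); the function names and the `skip` parameter are hypothetical.

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define OPT_EOL  0    /* end of option list */
#define OPT_NOP  1    /* one-byte padding */
#define OPT_LSRR 131  /* loose source and record route */
#define OPT_SSRR 137  /* strict source and record route */

/* Walk IPv4 option bytes in wire format. Returns 1 if LSRR or SSRR is
 * present, 0 if not, -1 if the list is malformed. */
int has_source_route(const unsigned char *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char type = opt[i];
        if (type == OPT_EOL)
            return 0;
        if (type == OPT_NOP) { i++; continue; }
        if (type == OPT_LSRR || type == OPT_SSRR)
            return 1;
        /* other options: length byte covers type + length + data */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            return -1;
        i += opt[i + 1];
    }
    return 0;
}

/* Call on a socket returned by accept(). skip is the number of bytes the
 * platform puts in front of the option list (assumption: 4 on 4.4BSD-derived
 * stacks, which prepend the first-hop address; 0 where the list comes back
 * as it was on the wire). Returns 1 if the options were cleared, 0 if
 * there was nothing to clear, -1 on a socket error. */
int strip_source_route(int fd, size_t skip)
{
    unsigned char opts[64];  /* 40 bytes of options plus any prefix */
    socklen_t len = sizeof(opts);

    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, opts, &len) < 0)
        return -1;
    if (len <= skip || has_source_route(opts + skip, len - skip) == 0)
        return 0;
    /* zero-length IP_OPTIONS: replies no longer carry the reversed route */
    if (setsockopt(fd, IPPROTO_IP, IP_OPTIONS, NULL, 0) < 0)
        return -1;
    return 1;
}
```

A malformed option list is treated like a source route and cleared. UDP has no per-connection state to clear, so a datagram server would run `has_source_route` on the options it receives with each packet.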