Disable IP Source Routing

IP source routing is rarely used. On occasion, it's used for troubleshooting. However, a hacker might attempt to communicate with one of your hosts by inserting himself or herself as an intermediary stop between two legitimate host addresses. Figure 6-11 illustrates the scheme.

Figure 6-11 A Hacker Attacking with IP Source-Routing

The hacker, H, pretends to be an intermediary hop in a source-routed path from Host B to Host A. H creates a request and a fictitious source-route path with B as the source and H as the middle hop. H sends this to A. Host A looks at the source address of the packet, sees that it's Host B, decides that B is friendly because it's on the same subnet, and sends a reply back to B along the source-routed path with H as the next hop. H is now communicating with A.

The hacker could do this if both the router and Host A have IP source-routing enabled. To comply with the standards, Cisco routers and just about all TCP/IP hosts have IP source-routing on by default. To disable IP source-routing on a router, issue the no ip source-route global configuration command:

RTA#conf t

Enter configuration commands, one per line. End with CNTL/Z.

RTA(config)#no ip source-route

TIP See RFC 1122 for the details of IP source routing.


  • cornelia fiorentini
    How to disable source routing on Cisco?
    1 year ago
  • Grazia Rossi
    How to prevent IP Source routing on router?
    8 months ago
  • amalda
    How to disable ip source route?
    6 months ago
