Launching a Remote IP Spoofing Attack with IP Source Routing

If an attacker uses a feature known as IP source routing, he can specify a complete routing path to be taken by two endpoints. Consider Figure 1-5. The attacker is on a different subnet than the destination host. However, the attacker sends an IP packet with a source route specified in the IP header, which causes the destination host to send traffic back to the spoofed IP address via the route specified. This approach can overcome the previously described challenge that an attacker might have when launching a remote IP spoofing (blind spoofing) attack.

Figure 1-5 IP Source Routing IP Packet

192.168.10.10

192.168.10.20

10.1.1.1 192.168.10.1

Payload

Source

Destination

Source

Address

Address

Route

Attacker

Return Traffic over the Specified Source Route

Attacker

R1 R2

Destination 192.168.10.20

Trusted Originator 192.168.10.10

Source routing has two variations:

■ Loose: The attacker specifies a list of IP addresses through which a packet must travel.

However, the packet could also travel through additional routers that interconnect IP ; Topic addresses specified in the list.

■ Strict: The IP addresses in the list specified by the attacker are the only IP addresses through which a packet is allowed to travel.

0 0

Post a comment