From mboxrd@z Thu Jan  1 00:00:00 1970
From: tubbs@wispdirect.com
Subject: Re: Re: ipv4options still broken (posted prev w/ no reply)...
Date: Tue, 30 May 2006 18:59:27 -0500
Message-ID: <1149033568.19084@www.broadwayinternet.com>
Cc: netfilter-devel@lists.netfilter.org
Return-path: <netfilter-devel-bounces@lists.netfilter.org>
To: kaber@trash.net
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
	<mailto:netfilter-devel-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: </pipermail/netfilter-devel>
List-Post: <mailto:netfilter-devel@lists.netfilter.org>
List-Help: <mailto:netfilter-devel-request@lists.netfilter.org?subject=help>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
	<mailto:netfilter-devel-request@lists.netfilter.org?subject=subscribe>
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

D-link and netgear had issues not too long ago for one.  Presumptions are the
root of stupidity, any goon can package something that forgets to strip the
options, just as easily as someone can package something that falsly detects
them being used via a netfilter module.  There's tools out there that scan for
systems that support/forward [ls]srr.

-Cody Tubbs

> 
> Cody Tubbs wrote:
> > I'm not going to indulge in 101 stuff regarding loose/strict source 
> > attacks, google enjoys 101 much more.
> > 
> > http://www.spirit.com/Network/net0300.html (section: Source Route)
> > 
> > http://seclists.org/lists/pen-test/2003/May/0023.html
> 
> Which system accepts source route options nowadays? You most likely
> have more serious problems than this.
> 
> 

____________________________________________
E-Mail sent with Broadway Internet Web Mail.
<a href="http://www.broadwayinternet.com/webadmin">http://www.BroadwayInternet.com