Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!husc6!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Summary: Is source routing a problem?
Message-ID: <29416@bu-cs.BU.EDU>
Date: 10 Apr 89 23:01:05 GMT
References: <376@ists.ists.ca>
Reply-To: kwe@buit13.bu.edu (Kent England)
Followup-To: comp.protocols.tcp-ip
Organization: Boston U. Information Technology
Lines: 17
Cc: budd@bu-it.bu.edu tower@bu-it.bu.edu

In article <376@ists.ists.ca> eric@ists.ists.ca (Eric M. Carroll) writes:
>
>A first cut look at the problem suggests that in the world of routers,
>forged IP address can be delivered to the target but responses don't
>get returned to the attacker. A one-way connection. Looks useless at
>first glance.
>

Seems to me that if the router follows source routing and the
host follows source routing (as required by the Gateway and Hosts (draft)
RFCs) that you can easily spoof IP source addresses.

If this is true, why is source routing required and not optional?
Shouldn't I be allowed to turn it off if I worry about the veracity of
source addresses, or I want to implement security levels that vary by
subnet?

Kent England, Boston University