Subject: Re: question about ipf "fastroute"
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Seth Kurtzberg <seth@cql.com>
List: tech-net
Date: 02/13/2003 15:25:53
der Mouse,
I'm sure your interpretation of the question is correct. I was just asking
whether you thought the logic applied to source routing (as in ICMP, which
uses the options you note below) applied in this situation. If I understand
your reply, the answer is no, they are not comparable situations.
On Thursday 13 February 2003 03:11 pm, der Mouse wrote:
> >>> I want to do source address based routing for some particular IPs.
> >>
> >> I have a pseudo-interface driver that does exactly this: [...]
> >
> > Do you consider this a security issue?
>
> No.
>
> > I know that in general source routing is frowned about by security
> > folks, but I'm not sure if that applies to this situation.
>
> As I understand it it does not.
>
> My understanding is that "source routing" as it is used in the contexts
> in which it is (as you say) frowned upon does not refer to routing
> based on ip_src, which is what's under discussion here, but rather to
> obeying SSRR and LSRR IP options. The latter is completely orthogonal
> to the type of routing I was talking about. (And, unless I
> misunderstood, what the original poster was talking about.)
>
> /~\ The ASCII der Mouse
> \ / Ribbon Campaign
> X Against HTML mouse@rodents.montreal.qc.ca
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
--
Seth Kurtzberg
M. I. S. Corp.
480-661-1849
seth@cql.com