Subject: Re: question about ipf "fastroute"
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Seth Kurtzberg <seth@cql.com>
List: tech-net
Date: 02/13/2003 15:25:53
der Mouse,

I'm sure your interpretation of the question is correct.  I was just asking 
whether you thought the logic applied to source routing (as in ICMP, which 
uses the options you note below) applied in this situation.  If I understand 
your reply, the answer is no, they are not comparable situations.

On Thursday 13 February 2003 03:11 pm, der Mouse wrote:
> >>> I want to do source address based routing for some particular IPs.
> >>
> >> I have a pseudo-interface driver that does exactly this: [...]
> >
> > Do you consider this a security issue?
>
> No.
>
> > I know that in general source routing is frowned about by security
> > folks, but I'm not sure if that applies to this situation.
>
> As I understand it it does not.
>
> My understanding is that "source routing" as it is used in the contexts
> in which it is (as you say) frowned upon does not refer to routing
> based on ip_src, which is what's under discussion here, but rather to
> obeying SSRR and LSRR IP options.  The latter is completely orthogonal
> to the type of routing I was talking about.  (And, unless I
> misunderstood, what the original poster was talking about.)
>
> /~\ The ASCII				der Mouse
> \ / Ribbon Campaign
>  X  Against HTML	       mouse@rodents.montreal.qc.ca
> / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

-- 
Seth Kurtzberg
M. I. S. Corp.
480-661-1849
seth@cql.com