--> Source routing is a technique whereby the sender of a packet can specify the route that a packet should take through the network.
--> As a packet travels through the network, each router will examine the destination IP address and choose the next hop to forward the packet to.
--> In source routing, the "source" (i.e., the sender) makes some or all of these decisions.
--> Cisco routers normally accept and process source routes. Unless a network depends on it, source routing should be disabled.
--> Attackers can use source routing to probe the network by forcing packets into specific parts of the network.
--> Using source routing, an attacker can collect information about a network's topology, or other information that could be useful in performing an attack.
--> During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions.
--> Use the 'no ip source-route' command to disable IP source routing on the Cisco router.
--> As a packet travels through the network, each router will examine the destination IP address and choose the next hop to forward the packet to.
--> In source routing, the "source" (i.e., the sender) makes some or all of these decisions.
--> Cisco routers normally accept and process source routes. Unless a network depends on it, source routing should be disabled.
--> Attackers can use source routing to probe the network by forcing packets into specific parts of the network.
--> Using source routing, an attacker can collect information about a network's topology, or other information that could be useful in performing an attack.
--> During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions.
--> Use the 'no ip source-route' command to disable IP source routing on the Cisco router.
No comments:
Post a Comment