Source Routing



Two types of source routing are possible in an IP packet.


Loose Source and Record Route 
The loose source and record route (LSRR) option provides a means for the source of an internet datagram to supply routing information to be used by the gateways in forwarding the datagram to the destination, and to record the route information.

MAC header | IP header | IP option 3 | Data :::

IP Option 3:
Bits 00-07: Type
Bits 08-15: Length
Bits 16-23: Pointer
Bits 24 onward: Route [] :::

Type. 8 bits. Always set to 131.
Bit 00: C
Bits 01-02: Class
Bits 03-07: Option

C, Copy flag. 1 bit. Set to 1.
Indicates the option is to be copied into all fragments.

Class. 2 bits. Cleared to 0.
The option is a control option.

Option. 5 bits. Set to 3.
The IP option number.

Length. 8 bits.
Total length of the option in bytes.

Pointer. 8 bits.

Route []. Variable length.
An array of 32 bit IP addresses.


Strict Source and Record Routes
The strict source and record route (SSRR) option provides a means for the source of an internet datagram to supply routing information to be used by the gateways in forwarding the datagram to the destination, and to record the route information.

The recorded route address is the internet module's own internet address as known in the environment into which this datagram is being forwarded. This procedure of replacing the source route with the recorded route (though it is in the reverse of the order it must be in to be used as a source route) means the option (and the IP header as a whole) remains a constant length as the datagram progresses through the internet.

This option is a strict source route because the gateway or host IP must send the datagram directly to the next address in the source route through only the directly connected network indicated in the next address to reach the next gateway or host specified in the route.

Must be copied on fragmentation. Appears at most once in a datagram.

MAC header | IP header | IP option 9 | Data :::

IP Option 9:
Bits 00-07: Type
Bits 08-15: Length
Bits 16-23: Pointer
Bits 24 onward: Route Data [] :::

Type. 8 bits. Set to 137.
Bit 00: C
Bits 01-02: Class
Bits 03-07: Option

C, Copy flag. 1 bit. Set to 1.
Indicates the option is to be copied into all fragments.

Class. 2 bits. Cleared to 0.
This is a control option.

Option. 5 bits. Set to 9.
The IP option number.

Length. 8 bits.
Total length of the option.

Pointer. 8 bits. 4 to 255
The pointer into the route data indicates the byte which begins the next source address to be processed. The pointer is relative to this option.

If the address in the destination address field has been reached and the pointer is not greater than the length, the next address in the source route replaces the address in the destination address field, the recorded route address replaces the source address just used, and the pointer is increased by four.


Route Data []. Variable length.
The route data is composed of a series of internet addresses. Each internet address is 32 bits. If the pointer is greater than the length, the source route is empty (and the recorded route full) and the routing is to be based on the destination address field.
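
The option layout described above, as an added example that is not part of the original post: a Python parser that walks the options area of a raw IPv4 header, splits the type byte into copy flag, class and option number, and decodes LSRR (131) and SSRR (137) into the slots already recorded and the hops still to visit. The function names and the sample header (built from documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # type values given in the text above

def split_type(t):
    """Split the option type byte into (copy flag, class, option number)."""
    return t >> 7, (t >> 5) & 0x3, t & 0x1F

def find_source_routes(header):
    """Return the decoded LSRR/SSRR options found in a raw IPv4 header."""
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    if header[0] >> 4 != 4 or ihl < 20 or ihl > len(header):
        raise ValueError("not a complete IPv4 header")
    opts, i, found = header[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == 0:                        # End of Option List
            break
        if t == 1:                        # No-Operation, a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("option length runs past the header")
        length = opts[i + 1]
        if t in SOURCE_ROUTE:
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source route length")
            ptr = opts[i + 2]             # relative to the start of the option
            if ptr < 4 or ptr % 4:
                raise ValueError("pointer must be 4, 8, 12, ...")
            route = [str(ipaddress.IPv4Address(bytes(opts[j:j + 4])))
                     for j in range(i + 3, i + length, 4)]
            done = min((ptr - 4) // 4, len(route))  # slots before the pointer
            found.append({"kind": SOURCE_ROUTE[t], "flags": split_type(t),
                          "recorded": route[:done], "remaining": route[done:],
                          "exhausted": ptr > length})
        i += length
    return found

def sample_header():
    """Constructed 32-byte IPv4 header carrying one LSRR option."""
    option = bytes([131, 11, 8]) + bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 7])
    fixed = struct.pack("!BBHHHBBH4s4s", 0x48, 0, 32, 0, 0, 64, 6, 0,
                        bytes([203, 0, 113, 5]), bytes([198, 51, 100, 1]))
    return fixed + option + b"\x00"       # pad the options to a 4-byte boundary

if __name__ == "__main__":
    print(find_source_routes(sample_header()))
```

A non-empty result from `find_source_routes` is what a filter or IDS rule keys on when source-routed packets are to be logged or dropped.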
