Results 1 to 2 of 2

Thread: Option IP source routing?

  1. #1

    Thumbs up Option IP source routing?

    Các anh cho em hỏi về chức năng IP source routing dùng để làm gì và tại sao người ta khuyến cáo nên tắt nó đi?

    Thanks.
    Chưa đủ lớn để mong mình bé lại ....

  2. #2
    Join Date
    Jan 2007
    Location
    hcmC
    Posts
    3,254

    Cool

    Chaò!!!
    Đây là một số lỗi bảo mật cuã thiết bị cisco năm 2005:
    3. Điểm yếu trong cấu hình các thiết bị Cisco

    Có một vài lựa chọn cấu hình của Cisco không bảo mật khi để mặc định:

    1.
    Không đặt cài đặt Remote Logging mặc định
    2.
    SNMP Community Strings
    3.
    Để mật khẩu mặc định hoặc không tồn tại mật khẩu mặc định
    4.
    IP Source Routing

    5.
    Dịch vụ TCP và UDP
    6.
    Dịch vụ Finger
    7.
    IP Directed Broadcast
    8.
    Cấu hình HTTP

    IP Source Routing

    The Cisco IOS software examines IP header options on every packet. It supports the IP header options Strict Source Route, Loose Source Route, Record Route, and Time Stamp, which are defined in RFC 791. If the software finds a packet with one of these options enabled, it performs the appropriate action. If it finds a packet with an invalid option, it sends an Internet Control Message Protocol (ICMP) parameter problem message to the source of the packet and discards the packet.
    IP provides a provision known as source routing that allows the source IP host to specify a route through the IP network. Source routing is specified as an option in the IP header. If source routing is specified, the software forwards the packet according to the specified source route. IP source routing is employed when you want to force a packet to take a certain route through the network. The default is to perform source routing. IP source routing is rarely used for legitimate purposes in networks. Some older IP implementations do not process source-routed packets properly, and it may be possible to crash devices running these implementations by sending them datagrams with source routing options. Disable IP source routing whenever possible. Disabling IP source routing will cause a Cisco router to never forward an IP packet that carries a source routing option.
    Nguyên nhân Disable chức năng trên
    Routing and routing protocols can create several problems. The IP source routing, where an IP packet contains details of the path to its intended destination, is dangerous because according to RFC 1122 the destination host must respond along the same path. If an attacker was able to send a source routed packet into your network, then he would be able to intercept (chặn) the replies and fool (đánh lưà) your host into thinking it is communicating with a trusted host. I strongly recommend that you disable IP source routing to protect your server from this hole.
    Chúc vui !!!
    Trần Mỹ Phúc
    tranmyphuc@hotmail.com
    Hãy add nick để có thông tin đề thi mới nhất :tranmyphuc (Hỗ trợ tối đa cho các bạn tự học)

    Cisco Certs : CCNP (Passed TSHOOT 1000/1000)

    Juniper Certs :
    JNCIP-ENT & JNCIP-SEC
    INSTRUCTORS (No Fee) : CISCO (Professional) , JUNIPER (Professional) , Microsoft ...

    [version 4.0] Ôn tập CCNA



Similar Threads

  1. [Dùng GNS3}ISCW LAB: MPLS VPN ROUTING VRF
    By tranmyphuc in forum ISCW
    Replies: 21
    Last Post: 04-06-2012, 02:58 PM
  2. Nghệ thuật NAT
    By tranmyphuc in forum Microsoft
    Replies: 13
    Last Post: 06-05-2011, 09:22 PM
  3. Routing TCP/IP Vol 1 Notes
    By tranmyphuc in forum CCIE Routing & Switching
    Replies: 11
    Last Post: 04-08-2008, 04:04 PM
  4. How to config VPN
    By mynhung in forum VPN
    Replies: 7
    Last Post: 26-06-2008, 06:08 AM
  5. Replies: 4
    Last Post: 05-07-2003, 09:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •