Source routing concepts
Source routing is basically an option in IP (layer 3) where a packet can instruct a gateway (for example the sonciwall) which hops to send the packet to. Its like the client deciding which route the packets should take. Now this of course is kinda bad because if the client (let’s say he’s a hacker) decides on the path, then he can route all traffic to some listening box, doing all sorts of stuff to the traffic passing through it.
It also means that the hacker can make an attack seem as if its originating from another PC, or even “bounce” an attack. For example, lets say yo have a business CompanyA, which is very well protected. But CompanyA is partners with CompanyB and they have VPNs running to and from each other. CompanyB is not very well protected. If a hacker compromises CompanyB, he / she can use source routed packets to attack CompanyA by traversing through CompanyB… nasty huh?
So , its not good having the source routed packets, that’s why we drop them…
FYI… the IP header of a source routed packet include the desired routing hops like so:
Note the “loose source route” and our gateway (10.71.10.254) specified in the packet
Compare this to a normal packet:
You see no loose routing and the destination is directly 188.8.131.52
Also FYI, source generated packets can easily be generated using the ping –j command
ping –j [next hop list] target
For example I used ping –j 10.71.10.254 184.108.40.206 to create all the above traffic.
More information for the ping command in microsoft from here : http://technet.microsoft.com/en-us/library/bb490968.aspx
You would get no response to these packets because our gateway drops them for security