From: dwhitley@xxxxxxxxx
Date: Fri Mar 15 2002 - 14:05:24 GMT-3
I would think this is normal behavior. The next-hop doesn't matter, the
router only checks that to find what interface to use. So you're telling R1
all packets for D2 send to serial port. Did you try extended ping on R1
using the source address of the D1 interface to ping to D2? It should work
as well.
-----Original Message-----
From: Mannan Venkatesan [mailto:mv_lab@hotmail.com]
Sent: Friday, March 15, 2002 11:12 AM
To: lab
Subject: Fooling the router
Guys,
A friend brought up a good question and we tested it. Here it goes,
D1-----R1----------R2-----D2
R1 is connected to R2 through P-t-P serial link. I used 10.1.1.1/24 address
on R1's serial interface and R2 had 20.2.2.2/24. R1 has a static route to D2
(desktop) with next-hop, 10.1.1.2 (nonexistent address). R2 has a static route
to D1 with next-hop, 20.2.2.1 (nonexistent address again).
When I tried to ping D2 from D1, R1 and R2 never change the source and
destination address (normal behavior) and it worked with R1 and R2 directly
connected using totally different network addresses.
Of course this will not work if the routers originate any packets, but they
don't do any check if the packets are originated from desktops. Is it kind of
a security hole?
Regards,
Mannan Venkatesan
CCIE # 8906, CCNP, CCDP,
Lucent Technologies - ESS
King of Prussia,
Pager: 888-663-3853
Email: mv70@lucent.com
Epage: page_mannan_venkatesan@ins.com
"You can swim all day in the Sea of Knowledge and still come out completely
dry. Most people do."
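
The forwarding decision discussed in this thread, as an added example that is not part of the original messages: a small model of R1 that resolves the static route's next hop only to pick an egress interface, and then contrasts a point-to-point link with a multi-access one, where the next hop would also have to answer ARP. The interface name `Serial0`, D2's prefix `192.168.2.0/24` and the `neighbors` parameter are assumptions made for illustration.

```python
import ipaddress

# Constructed model of R1 from the thread. The interface name and D2's prefix
# are assumptions; the serial subnet and the bogus next hop come from the post.
CONNECTED = {"Serial0": ipaddress.ip_network("10.1.1.0/24")}
STATIC = [(ipaddress.ip_network("192.168.2.0/24"), ipaddress.ip_address("10.1.1.2"))]

def resolve_egress(dst, connected, static):
    """Return (interface, next_hop) for dst, or None if nothing resolves."""
    dst = ipaddress.ip_address(dst)
    # Directly connected destination: the next hop is the destination itself.
    for ifname, net in connected.items():
        if dst in net:
            return ifname, dst
    # Longest-prefix match over the static routes.
    matches = [(net, nh) for net, nh in static if dst in net]
    if not matches:
        return None
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    # Recursive step: the next hop is used only to select a connected interface.
    for ifname, net in connected.items():
        if next_hop in net:
            return ifname, next_hop
    return None

def forward(dst, connected, static, link_type, neighbors=()):
    """Decide what happens to a transit packet addressed to dst.

    link_type is 'p2p' or 'multiaccess'; neighbors lists the addresses that
    would answer ARP on a multi-access segment (hypothetical parameter).
    """
    hit = resolve_egress(dst, connected, static)
    if hit is None:
        return "drop: no route"
    ifname, next_hop = hit
    if link_type == "p2p":
        # One possible receiver, no layer-2 address to resolve: the frame is
        # sent whether or not anything owns the next-hop address.
        return f"sent on {ifname}"
    if str(next_hop) in neighbors:
        return f"sent on {ifname} to {next_hop}"
    return f"drop: no ARP reply from {next_hop}"

if __name__ == "__main__":
    print(forward("192.168.2.10", CONNECTED, STATIC, "p2p"))
    print(forward("192.168.2.10", CONNECTED, STATIC, "multiaccess", {"20.2.2.2"}))
```

The same static route that forwards on the serial link is dropped in the multi-access case, because no neighbor answers for 10.1.1.2.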