From: Ken Matwie/CanWest/Contr/IBM (kmatwie@xxxxxxxxxx)
Date: Fri Mar 15 2002 - 14:22:19 GMT-3
Are D1 and D2 direct connect with crossover cables into R1 and R2?
"Ahmed Mamoor Amimi" <mamoor@ieee.org>@groupstudy.com on 03/15/2002 09:38:12 AM
Please respond to "Ahmed Mamoor Amimi" <mamoor@ieee.org>
Sent by: nobody@groupstudy.com
To: "Mannan Venkatesan" <mv_lab@hotmail.com>, "lab" <ccielab@groupstudy.com>
cc:
Subject: Re: Fooling the router
Interesting ... I will try this
-Mamoor
----- Original Message -----
From: Mannan Venkatesan <mv_lab@hotmail.com>
To: lab <ccielab@groupstudy.com>
Sent: Friday, March 15, 2002 9:11 PM
Subject: Fooling the router
> Guys,
> One of my friends brought up a good question and we tested it. Here it goes,
>
> D1-----R1----------R2-----D2
>
> R1 is connected to R2 through a P-t-P serial link. I used the 10.1.1.1/24
> address on R1's serial interface and R2 had 20.2.2.2/24. R1 has a static
> route to D2 (desktop) with next-hop 10.1.1.2 (non-existent address). R2 has
> a static route to D1 with next-hop 20.2.2.1 (non-existent address again).
>
> When I tried to ping D2 from D1, R1 and R2 never change the source and
> destination address (normal behavior) and it worked with R1 and R2 directly
> connected using totally different network addresses.
>
> Of course this will not work if the routers originate any packet but they
> don't do any check if the packets are originated from desktops. Is it kind
> of a security hole?
>
> Regards,
> Mannan Venkatesan
> CCIE # 8906, CCNP, CCDP,
> Lucent Technologies - ESS
> King of Prussia,
> Pager: 888-663-3853
> Email: mv70@lucent.com
> Epage: page_mannan_venkatesan@ins.com
>
> "You can swim all day in the Sea of Knowledge and still come out completely
> dry. Most people do."
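
The forwarding behaviour described in the original post, modelled as an added example that is not part of the thread or anyone's posted code: a router resolves the static route's next hop to a connected interface, and on a point-to-point serial link nothing ever checks that address against the peer, whereas a multi-access link would need ARP to succeed. The serial addresses and next hops are from the post; the LAN prefixes 192.168.1.0/24 and 192.168.2.0/24, the interface names and all function names are assumptions.

```python
import ipaddress as ip

def make_router(interfaces, statics):
    """interfaces: {ifname: (cidr, link_type)}; statics: [(prefix, next_hop)]."""
    return {"ifs": {n: (ip.ip_interface(c).network, t) for n, (c, t) in interfaces.items()},
            "statics": [(ip.ip_network(p), ip.ip_address(nh)) for p, nh in statics]}

def connected_if(router, addr):
    """Name of the interface whose connected subnet contains addr, else None."""
    for name, (net, _) in router["ifs"].items():
        if addr in net:
            return name
    return None

def forward(router, dst, arp_table=()):
    """Forwarding decision for a packet addressed to dst: (verdict, detail)."""
    dst = ip.ip_address(dst)
    ifname, next_hop = connected_if(router, dst), dst
    if ifname is None:
        # Longest-prefix match on static routes, then resolve the next hop.
        matches = [(net, nh) for net, nh in router["statics"] if dst in net]
        if not matches:
            return ("drop", "no route")
        next_hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        ifname = connected_if(router, next_hop)
        if ifname is None:
            return ("drop", "next hop unresolvable")
    if router["ifs"][ifname][1] == "p2p":
        # HDLC/PPP: no layer-2 address resolution, so the next-hop address is
        # never checked against the peer; the frame goes to the far end.
        return ("sent", ifname)
    # Multi-access link: the next hop must first resolve to a MAC address.
    if str(next_hop) in arp_table:
        return ("sent", ifname)
    return ("drop", "ARP incomplete for %s" % next_hop)

# Constructed topology. Serial addresses and next hops are from the post;
# the LAN prefixes and interface names are assumptions.
R1 = make_router({"Serial0": ("10.1.1.1/24", "p2p"),
                  "Ethernet0": ("192.168.1.1/24", "ethernet")},
                 [("192.168.2.0/24", "10.1.1.2")])
R2 = make_router({"Serial0": ("20.2.2.2/24", "p2p"),
                  "Ethernet0": ("192.168.2.1/24", "ethernet")},
                 [("192.168.1.0/24", "20.2.2.1")])

if __name__ == "__main__":
    print(forward(R1, "192.168.2.10"))   # D1 -> D2 transit, leaves R1
    print(forward(R2, "192.168.1.10"))   # D2 -> D1 reply, leaves R2
    print(forward(R2, "10.1.1.1"))       # reply to a packet R1 itself sourced
```

The third call shows why router-originated traffic fails in this setup: R2 has no route back to 10.1.1.0/24, so only packets sourced from the desktops' LANs complete the round trip.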
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3