Re: Fooling the router

From: Charles Manafa (charles.manafa@xxxxxxxxxxxxxxxx)
Date: Fri Mar 15 2002 - 15:34:07 GMT-3


   
If your encapsulation is PPP then the IP addresses can be whatever they
like. These are negotiated during the link setup process. Same goes for
dial-up with PPP encaps.

CM

----- Original Message -----
From: "Mannan Venkatesan" <mv_lab@hotmail.com>
To: "lab" <ccielab@groupstudy.com>
Sent: Friday, March 15, 2002 4:11 PM
Subject: Fooling the router

> Guys,
> One of my friends brought up a good question and we tested it. Here it goes,
>
> D1-----R1----------R2-----D2
>
> R1 is connected to R2 through a P-t-P serial link. I used the 10.1.1.1/24
> address on R1's serial interface and R2 had 20.2.2.2/24. R1 has a static
> route to D2 (desktop) with next-hop 10.1.1.2 (non-existent address). R2 has
> a static route to D1 with next-hop 20.2.2.1 (non-existent address again).
>
> When I tried to ping D2 from D1, R1 and R2 never change the source and
> destination address (normal behavior) and it worked with R1 and R2 directly
> connected using totally different network addresses.
>
> Of course this will not work if the routers originate any packets but they
> don't do any check if the packets are originated from desktops. Is it kind
> of a security hole?
>
> Regards,
> Mannan Venkatesan
> CCIE # 8906, CCNP, CCDP,
> Lucent Technologies - ESS
> King of Prussia,
> Pager: 888-663-3853
> Email: mv70@lucent.com
> Epage: page_mannan_venkatesan@ins.com
>
> "You can swim all day in the Sea of Knowledge and still come out completely
> dry. Most people do."
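
A simplified model of the forwarding decision discussed in this thread, added as an example that is not part of either message: the static route's next hop only selects the outgoing interface, and a point-to-point link has no address-resolution step that could fail. The D2 prefix 192.168.2.0/24, the interface names and the forward() helper are assumptions made for illustration.

```python
import ipaddress

class Iface:
    def __init__(self, name, addr, p2p, arp_neighbors=()):
        self.name = name
        self.net = ipaddress.ip_interface(addr).network
        self.p2p = p2p  # True for a serial point-to-point link
        # Hosts that would answer ARP on a multi-access segment
        self.arp = {ipaddress.ip_address(n) for n in arp_neighbors}

def forward(dst, ifaces, statics):
    """Return (interface name, verdict) for a transit packet to dst."""
    dst = ipaddress.ip_address(dst)
    target = dst
    # Longest-prefix match over the static routes; a hit replaces the
    # lookup target with the configured next hop.
    hits = [(ipaddress.ip_network(n), ipaddress.ip_address(h))
            for n, h in statics if dst in ipaddress.ip_network(n)]
    if hits:
        target = max(hits, key=lambda r: r[0].prefixlen)[1]
    for i in ifaces:
        if target in i.net:
            if i.p2p:
                # Only one possible receiver: nothing checks that the
                # next hop is really the address of the far end.
                return i.name, "sent"
            if target in i.arp:
                return i.name, "sent"
            return i.name, "dropped: next hop did not answer ARP"
    return None, "dropped: no route"

D2_NET = "192.168.2.0/24"              # constructed; D2's prefix is not in the thread
R1_STATICS = [(D2_NET, "10.1.1.2")]    # next hop from the thread (non-existent)

def r1_over_serial():
    return forward("192.168.2.10",
                   [Iface("Serial0", "10.1.1.1/24", True)], R1_STATICS)

def r1_over_ethernet():
    # Same addressing on a multi-access link, where 10.1.1.2 must answer ARP
    return forward("192.168.2.10",
                   [Iface("Ethernet0", "10.1.1.1/24", False)], R1_STATICS)

if __name__ == "__main__":
    print(r1_over_serial())
    print(r1_over_ethernet())
```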



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3