Guest

Cisco Security

Cisco Security

IP options-Strict Source Route

 
Signature ID: 1006/0
Original Release:S2
Release:S756 (download)
Original Release Date:2001 February 02
Latest Release Date:2013 November 27
Default Enabled:True
Default Retired:False
CVE:CVE-2006-2379
BugTraq ID:18374
Alarm Severity:High
Fidelity:100 

Description

Triggers on receipt of an IP datagram in which the IP option list for the datagram includes option 9 (Strict Source Routing), the value of which is 137. The Strict Source Route option may be used to specify the exact path a packet must traverse in route to its destination.The IP options list contains one or more options that perform various network management or debugging tasks. The first field of each option in the list consists of an eight bit code field that is broken into three subfields:COPY (Bit 0):Specifies to routers if the option information should be included in fragment headers. CLASS (Bits 1-2): Specifies 1 of 2 valid option classes: Network Control, DebuggingNUMBER (Bits 3-7): Specifies one of eight valid IP options. Option zero indicates end of list.This option may be misused to defeat authentication mechanisms that rely on IP addresses as their basis for trust relationships. The limited number of routes that may be stored in the options field minimize the usefulness of this option as a mode of attack across large internets.

Recommended Filter

No recommended filters.

Benign Triggers

While network troubleshooting may require the legitimate use of this feature, this type of traffic is rarely if ever noted and should comprise much less than 1% of network traffic. Small amounts of source routed traffic most probably indicates that a network problem is being investigated. Large amounts of source routed traffic is more suspicious and a thorough investigation of the source and reason is indicated.

IntelliShield Alerts

IntelliShield ID Headline VersionCVSS ScoreLast Published
11108Microsoft TCP/IP Source Route Code Execution Vulnerability42006 June 29 18:52 GMT

Download

To download this and other IPS update files, please go to Cisco Secure Software Download.

LEGAL DISCLAIMER
THE INFORMATION ON THIS PAGE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION CONTAINED HEREIN, OR MATERIALS LINKED FROM THE DOCUMENT, IS AT YOUR OWN RISK. INFORMATION IN THIS DOCUMENT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Powered by  IntelliShield