[Snort-users] IP Option lsrre
I originally posted this on #snort on irc.freenode.org. I'm posting it here for more visibility.

I had a question about "ipopts:lsrre;". A search on Google turned up several comments about lsrre being an undocumented option. In misc.rules, sid:501, there is a reference to a MS source routing vulnerability, MS99-038.

In the file sf_snort_packet.h, the define statement sets IPOPTION_LSRR to 0x83. This corresponds to the decimal value of 131 for Loose Source and Record Route as specified in RFC 791. IPOPTION_SSRR is set to 0x89, which corresponds to the decimal value of 137 for Strict Source and Record Route as specified in RFC 791. IPOPTION_LSRR_E is set to 0x84, or decimal value 132. http://iana.org/assignments/ip-parameters doesn't list value 132 as a valid IP option.

The vulnerability report for MS99-038 doesn't include enough details. I wasn't able to find exploit code for MS99-038. Either way, it looks like ipopts:lsrre; will trigger when an invalid IP option value of 132 is detected.

Does anyone see something different?
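The option-type values discussed in the post, as an added example that is not part of the original message or of Snort's source: it splits an RFC 791 option-type byte into its copied/class/number fields and walks an IPv4 options area looking for a given type. Only the three IPOPTION_* values come from the post; the function name count_ip_option, the OPT_* macros and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values the post quotes from sf_snort_packet.h */
#define IPOPTION_LSRR   0x83
#define IPOPTION_LSRR_E 0x84
#define IPOPTION_SSRR   0x89

/* RFC 791 option-type byte: 1-bit copied flag, 2-bit class, 5-bit number */
#define OPT_COPIED(t) (((t) >> 7) & 0x01)
#define OPT_CLASS(t)  (((t) >> 5) & 0x03)
#define OPT_NUMBER(t) ((t) & 0x1f)

/* Walk the options area of an IPv4 header (the bytes after the fixed
 * 20 bytes). Returns how many options have type `wanted`, or -1 if the
 * option list is malformed. Hypothetical helper, not a Snort function. */
int count_ip_option(const uint8_t *opts, size_t len, uint8_t wanted)
{
    size_t i = 0;
    int hits = 0;

    while (i < len) {
        uint8_t type = opts[i];
        if (type == 0x00) break;             /* End of Option List */
        if (type == 0x01) { i++; continue; } /* No Operation, one byte */
        if (i + 1 >= len) return -1;         /* length byte missing */
        uint8_t olen = opts[i + 1];          /* covers type+len+data */
        if (olen < 2 || i + olen > len) return -1;
        if (type == wanted) hits++;
        i += olen;
    }
    return hits;
}

/* Constructed sample: NOP, then a 7-byte option of type 0x84
 * (type, length, 5 data bytes) filling an 8-byte options area. */
static const uint8_t sample_opts[8] = {
    0x01, 0x84, 0x07, 0x04, 0xc0, 0x00, 0x02, 0x01
};

int main(void)
{
    const uint8_t types[] = { IPOPTION_LSRR, IPOPTION_LSRR_E, IPOPTION_SSRR };
    for (size_t k = 0; k < sizeof types; k++)
        printf("0x%02x (%3d): copied=%d class=%d number=%d\n", types[k],
               types[k], OPT_COPIED(types[k]), OPT_CLASS(types[k]),
               OPT_NUMBER(types[k]));
    printf("type 0x84 seen %d time(s) in sample\n",
           count_ip_option(sample_opts, sizeof sample_opts, IPOPTION_LSRR_E));
    return 0;
}
```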