IP source routing can be used by an intruder to gain unauthorized path access by rerouting to itself packets that were originally destined to use other network paths. To prevent this and other forms of spoofing attacks, all devices should have this feature turned off. Various types of spoofing attacks and mitigation techniques are covered in Chapter 7, "Attack Vectors and Mitigation Techniques."
IP source routing is enabled by default in all IOS versions, as per RFC 1812, "Requirements for IP Version 4 Routers," which specifies that a router must support the source route option in the IP header and forward packets accordingly unless explicitly configured otherwise. Use the no ip source-route command in global configuration mode to disable processing of the IP source-route header options.
Proxy Address Resolution Protocol (ARP)
Proxy ARP is the technique in which a device, usually a router, replies to incoming ARP requests intended for other hosts.
By "faking" its identity, the router accepts responsibility for routing these packets to the "real" destination. All interfaces on devices are enabled to accept and respond to proxy ARP requests.
Proxy ARP, which is defined in RFC 1027, is enabled by default on all interfaces.
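
The following is an added example, not taken from the book: a small Python audit that reads an IOS running-config and reports whether no ip source-route is set globally and which interfaces still have proxy ARP at its default (enabled) state. The sample configuration and interface names are constructed, a missing source-route line is treated as the default the text describes, and the interface-level no ip proxy-arp command is the standard IOS command for turning proxy ARP off, which this excerpt does not itself show.

```python
import re

# Constructed sample running-config for illustration (not from the book).
SAMPLE_CONFIG = """\
hostname edge-rtr
!
no ip source-route
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
end
"""

def audit_config(text):
    """Return (source_route_disabled, interfaces_with_proxy_arp_enabled)."""
    source_route_disabled = False   # assumption: absent line means default (enabled)
    proxy_arp_off = {}              # interface name -> True once 'no ip proxy-arp' is seen
    current = None                  # interface block currently being read
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():   # unindented line: global scope, closes any interface block
            current = None
            m = re.match(r"interface\s+(\S+)", line)
            if m:
                current = m.group(1)
                proxy_arp_off[current] = False   # enabled by default on every interface
            elif line == "no ip source-route":
                source_route_disabled = True
            elif line == "ip source-route":
                source_route_disabled = False
        elif current and line.strip() == "no ip proxy-arp":
            proxy_arp_off[current] = True
        elif current and line.strip() == "ip proxy-arp":
            proxy_arp_off[current] = False
    exposed = [name for name, off in proxy_arp_off.items() if not off]
    return source_route_disabled, exposed

if __name__ == "__main__":
    disabled, exposed = audit_config(SAMPLE_CONFIG)
    print("source routing disabled:", disabled)
    print("proxy ARP still enabled on:", ", ".join(exposed) or "none")
```

Run it against a saved copy of show running-config output; any interface it lists has no explicit proxy ARP setting and therefore follows the default.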