Configuring Attack Defense Against IP Packets with the Source Route Option

Because the IP source route option bypasses the intermediate forwarding processes of the devices along the packet transmission path and disregards the working status of forwarding interfaces, malicious attackers may use it to probe the network structure.

Context

In IP routing, the transfer path of an IP packet is determined by the routers on the network according to the destination address of the packet. IP also provides a way for the packet sender to determine the transfer path: the source route option. The source route option allows the source site to specify a route to the destination that overrides the route selection of intermediate routers. It is usually used for fault diagnosis of network paths and for temporary transmission of certain special services. Because the source route option bypasses the intermediate forwarding processes of the devices along the packet transmission path and does not consider the working state of the forwarding interfaces, malicious attackers may use it to probe the network structure.

After attack defense against IP packets with the source route option is configured, the device checks whether incoming packets contain the source route option. If they do, the packets are discarded.

Procedure

  1. In the user view, access the system view.

    system-view

  2. Enable attack defense against IP packets with the source route option.

    firewall defend source-route enable

Copyright © Huawei Technologies Co., Ltd.