IP address spoofing using Source Routing
Solution 1:
Now there's some good thinking. But fear not, this is already a known attack:
- http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt
- http://technet.microsoft.com/en-us/library/cc723706.aspx
Its danger is mitigated by the fact that source routed packets are generally blocked at organizations' boundaries, and also the fact that source routing is disabled by default in server OSes such as FreeBSD and OpenBSD (and at least some of the Linux distributions, e.g. Arch Linux). Quoting from that first link:
The impact of this advisory is greatly diminished due to the large number of organizations which block source routed packets and packets with addresses inside of their networks. Therefore we present the information as more of a 'heads up' message for the technically inclined, and to re-iterate that the randomization of TCP sequence numbers is not an effective solution against this attack.