[lamour@mail.argfrp.us.uu.net: Fwd: Re: If you have nothing to hide]
In message <20020805225221.82473.qmail@sidehack.sat.gweep.net>, bdragon@gweep.net writes:
I was not aware that responses to source-routed packets were themselves source-routed. I also don't believe it is the case, but am open to being contradicted. If the responses aren't source-routed, then the packets would only return through your network if your network was the path back to the spoofed source.
A friend of mine directed me to this thread. Source routed packets can indeed be used to spoof IP connections, and I've written a tool to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel

If you simply want to check host behaviour to see if you can spoof connections, I've written a scanner at http://www.synacklabs.net/projects/lsrscan

Short story is Solaris < 8 will reverse source routes by default, and Windows boxes will reverse source routes by default. The BSDs and Linuces I've tested mostly block source routed packets by default.

Todd
Participants (1): Todd MacDermid