# Question about source routing attack



## xfile11 (Jan 3, 2007)

How do I check whether my computer is suffering from a source routing attack? How can I prevent this attack?


----------



## johnwill (Sep 26, 2002)

What makes you think you're under attack?

How about some details on your Internet connection, ISP, make/model of the modem and/or router, version/patch level of Windows in use.


----------



## xfile11 (Jan 3, 2007)

johnwill said:


> What makes you think you're under attack?


I trace the packet route from my computer to the destination host. For example:

1) the packets start from my computer (Hong Kong) -> U.K. -> Egypt -> Taiwan

2) the packets start from my computer (Hong Kong) -> Germany -> U.S. -> Taiwan

3) the packets start from my computer (Hong Kong) -> Japan -> U.S. -> China

The packet routes look illogical. Every time, I spend a long time surfing such websites. In particular, the loading time of China websites is slow on average. I find that most of the packets pass through Germany before reaching Taiwan websites, and most of the packets pass through Japan before reaching China.




johnwill said:


> How about some details on your Internet connection, ISP, make/model of the modem and/or router, version/patch level of Windows in use.



The OS of my computer is Windows XP SP2. My I.E. version is 6.0. I am using a cable modem to connect to the Internet. I don't know what kind of routers the ISP uses.


----------



## johnwill (Sep 26, 2002)

You do realize that many of the cables were damaged in the Far East by an earthquake, and routing will be pretty spotty as a result of that, right?

http://www.danwei.org/internet/quake_damage_to_undersea_cable.php


----------



## xfile11 (Jan 3, 2007)

Your answer is reasonable. However, it can't explain why the loading time of the China websites is slow on average. The slow loading time started a long time before the earthquake. Can you give me a method to detect the source routing attack?


----------



## Cellus (Aug 31, 2006)

The chances are pretty high that the reasons you were getting slow load times, as well as round-about routes, are benign. This is because the Internet as you know it is based on an "opportunistic" design - equipment, transmission methods, routing protocols... they all change multiple times as your information traverses the globe. Not only that, but all those equipment, transmission methods, and routing protocols change themselves in their own respective areas. Equipment goes up, equipment goes down. New lines are set in, old ones are cut out. New routing protocols are adopted, and new routes are taught/learned and old ones discarded. All of this, while transparent to the end-user, influences your experience.

If you are a Home/SOHO user, the chances of being hit by something such as source routing are fairly low. That isn't to say it isn't possible, just pretty low. If you think you may be subject to it, keep an eye out for phishing attempts (fake online banking sites, etc). Use secure logins (w/ SSL) where you can. But again, chances are fairly low.


----------



## johnwill (Sep 26, 2002)

xfile11 said:


> Your answer is reasonable. However, it can't explain why the loading time of the China websites is slow on average. The slow loading time started a long time before the earthquake. Can you give me a method to detect the source routing attack?


Well, one reason is that China has heavy censorship, and so I expect that there are additional delays for that processing. I really doubt you're under attack.


----------
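
On the detection question asked in this thread, an added example that is not part of the original posts: IPv4 source routing is carried in the header options LSRR (type 131) and SSRR (type 137) from RFC 791, so captured packets can be checked for those options directly. The function names and the sample headers (built with documentation addresses) are constructed for illustration.

```python
import socket
import struct

# IPv4 option types that carry a sender-chosen route (RFC 791).
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}

def find_source_route_options(packet: bytes):
    """Return [(option_name, [hop addresses])] for an IPv4 packet's header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4          # IHL is in 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    options, found, i = packet[20:header_len], [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # No-Operation: one byte, no length
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("malformed option length")
        if kind in SOURCE_ROUTE_OPTIONS:
            route = options[i + 3:i + length]    # skip type, length, pointer
            hops = [socket.inet_ntoa(route[j:j + 4])
                    for j in range(0, len(route) - 3, 4)]
            found.append((SOURCE_ROUTE_OPTIONS[kind], hops))
        i += length
    return found

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample header; checksum is left 0 and not validated above."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | (5 + len(options) // 4), 0,
                       20 + len(options), 0, 0, 64, 6, 0,
                       socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.7")) + options

# Constructed sample: a NOP followed by an LSRR option listing two hops.
LSRR = (bytes([1, 131, 11, 4]) + socket.inet_aton("203.0.113.5")
        + socket.inet_aton("203.0.113.9"))

if __name__ == "__main__":
    print(find_source_route_options(build_header(LSRR)))
    print(find_source_route_options(build_header()))
```

Feed it the raw IP-layer bytes of packets from a capture; a header without these options returns an empty list.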

