0

I am just wondering, how the TCP segments can be mis-routed, isn't the original source and the ultimate destination in the IP header never get touched!

0xab3d
  • 527
  • 1
  • 6
  • 14
  • There is no 'mis-routing' of TCP packets - http://stackoverflow.com/questions/15601389/if-tcp-is-connection-oriented-why-do-packets-follow-different-paths – Prabhu May 24 '15 at 15:11
  • How come it's mentioned in the RFC 793 (TCP) page 17... "This pseudo header contains the Source Address, the Destination Address, the Protocol, and TCP length. This gives the TCP protection against misrouted segments." – 0xab3d May 24 '15 at 15:16
  • @Prabhu There is nothing in in that link that supports your contention. Mis-routing can happen any time a router is mis-configured. – user207421 May 24 '15 at 16:52
  • Sorry. I had interpreted the question as packets taking different routes. – Prabhu May 24 '15 at 17:13

3 Answers3

1

Normally, routing errors have little to do with packet headers. As you said, the headers shouldn't be changed, so the source and destination addresses remain unless there are undetected packet errors (which do happen). So unless someone modified a packet in the network, or there's some undetected error, the packets themselves aren't the problem.

What might happen though is that a packet might be mis-routed due to routing convergence (which can take a while), or simply due to router misconfiguration.

Malt
  • 28,965
  • 9
  • 65
  • 105
0

I posted the question on Google+ and I got the answer, here's the link https://plus.google.com/+AbedAhmadAlZaben/posts/GxvraNY6oom.

Lars Staalhagen answered me with the following:

Yes, it is actually possible that errors could occur in the IP-header that would be undetected by the IP-checksum. Every error-detecting code, i.e., checksum, has a property called the residual error rate, which is the (normally low) probability that errors are not detected. To see why this is the case, consider two valid messages, M1 and M2. If we calculate the Exclusive-OR (XOR) of these, we get

 E = M1 XOR M2

Suppose then that M1 is transmitted, but during transmissions, some bits are changed due to errors. If the positions of the errors are identical to the positions in E where E contains '1'-bits, the received message can be calculated as

 M1 XOR E

but due to the properties of the XOR-function, M1 XOR E is identical to M2, i.e., another valid message. So the errors changed M1 into M2, which will not be detected by the checksum, since M2 is also a valid message.

In practice, however, this is not a serious issue, since IP-packets are usually encapsulated in e.g., MAC-frames which has a checksum with a much lower residual error rate that the IP-checksum. So transmission errors will usually always be caught at the MAC-layer, which is also why IP version 6 doesn't have a checksum field, but relies instead on the checksum of the lower layers.

0xab3d
  • 527
  • 1
  • 6
  • 14
-1

There are many attacks can do that spoofing or 'man in the middle attack' or 'denial of service attack' based or 'syn flood' based on 'three way hand shake (TCP).'

user207421
  • 305,947
  • 44
  • 307
  • 483
auth private
  • 1,318
  • 1
  • 9
  • 22
  • Nothing to do with misrouting. Don't use code formatting for text that isn't code. – user207421 May 24 '15 at 16:48
  • sorry ? nothing to do with misrouting ???? routing attacks can also be used for denial of service specifically, if the route to a secure destination is changed to require use of an insecure link, the two hosts will not be able to communicate. This change would probably be detected rather quickly though, since the gateway that noticed the misrouted packet would flag it as a security problem and what about syn flood or any other types of tcp attacks ?????? – auth private May 24 '15 at 16:58