¨Works if routers support source routing
¨Attacker generates TCP SYN packet destined for trusting server containing spoofed IP address of trusted machine and fake source route in IP header
¨Trusting server will reply with a SYN-ACK packet containing a source route from trusting server to attacker to trusted machine.
¨Attacker receives the reply but does not forward it to the trusted machine.
¨Attacker can pose as trusted machine and have interactive
sessions with trusting machine
¨