A friend of mine directed me to this thread. Source routed packets
can indeed be used to spoof IP connections, and I've written a tool
to do it. It's available at http://www.synacklabs.net/projects/lsrtunnel
If you simply want to check host behaviour to see if you can spoof
connections, I've written a scanner at
http://www.synacklabs.net/projects/lsrscan
Short story is Solaris < 8 will reverse source routes by default, and
Windows boxes will reverse source routes by default. The BSDs and
Linuces I've tested mostly block source routed packets by default.
Todd