Network Security Pen-Test
RE: getting different ttl values for the same IP

Subject: RE: getting different ttl values for the same IP
Date: Thu, 29 Dec 2005 00:28:29 +0530
Looks like it might be some kind of load balancing device and you're seeing
the TTLs of the systems *behind* the balancer.

Since almost all operating systems have an initial TTL of either 32, 64, 128
or 255, you can probably say that the first response is a host 25 hops away
(255-230) and the second response is 26 hops away (128-102). This would
imply one more hop till the system with the TTL of 128.

The initial TTL of 128 might be a Windows box, while a default TTL of 255
could be a Solaris box. You can have a look at this (slightly outdated)
database:
http://project.honeynet.org/papers/finger/traces.txt

Perhaps making a few connections and checking the IPIDs will help you.

Cheers,

Sahir Hidayatullah
Technical Consultant - Information Security
--------------------------------------
MIEL e-Security Pvt. Ltd.
C- 611 / 612, Floral Deck Plaza,
MIDC Central Road, Andheri (E),
Mumbai 400 093, India.
Tel No:+ 91 (022) 2821 5050
PGP KeyID: 0x4F5EC345
Fingerprint: F4C2 7274 792E 8E39 D90D  BA02 C070 B4BF 4F5E C345


-----Original Message-----
From: aqua.le0@gmail.com [mailto:aqua.le0@gmail.com] 
Sent: Wednesday, December 28, 2005 6:38 PM
To: pen-test@securityfocus.com
Subject: getting different ttl values for the same IP

Hi all

While performing a TCP traceroute using Cain & Abel I got different TTL values
for the same IP. Can anyone explain this?


10.10.10.10;401 ms (TTL=230) - TTL exceeded;411 ms (TTL=230) - TTL
exceeded;500 ms (TTL=230) - TTL exceeded;(Unknown)

10.10.10.10;400 ms (TTL=106) - Echo Reply;401 ms (TTL=102) - Echo Reply;400
ms (TTL=102) - Echo Reply;(Unknown);

Rgds

Aqua
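
The hop arithmetic from the reply above, applied to the two traceroute lines from the question. This is an added example, not part of either message; the function names are illustrative, and the candidate initial TTLs are the four values the reply lists.

```python
import re
from collections import defaultdict

# Initial TTL values named in the reply (assumed to be the only candidates).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def infer_initial_ttl(observed):
    """Smallest common initial TTL that is >= the TTL seen on the reply."""
    for initial in COMMON_INITIAL_TTLS:
        if observed <= initial:
            return initial
    raise ValueError(f"TTL out of range: {observed}")

def hops_away(observed):
    """Hops the reply travelled: inferred initial TTL minus observed TTL."""
    return infer_initial_ttl(observed) - observed

# One probe result inside a line, e.g. "(TTL=230) - TTL exceeded"
PROBE = re.compile(r"\(TTL=(\d+)\)\s*-\s*([^;]+)")

def summarize(lines):
    """Map IP -> reply type -> set of (observed TTL, initial TTL, hops)."""
    out = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ip, _, rest = line.partition(";")
        for ttl, kind in PROBE.findall(rest):
            ttl = int(ttl)
            out[ip.strip()][kind.strip()].add(
                (ttl, infer_initial_ttl(ttl), hops_away(ttl)))
    return out

def mixed_initial_ttls(summary):
    """IPs whose replies imply more than one initial TTL, i.e. more than
    one responding device or IP stack answering for the same address."""
    flagged = {}
    for ip, kinds in summary.items():
        initials = {init for obs in kinds.values() for (_, init, _) in obs}
        if len(initials) > 1:
            flagged[ip] = sorted(initials)
    return flagged

# The two output lines from the question, with the mail line wrapping rejoined.
SAMPLE = [
    "10.10.10.10;401 ms (TTL=230) - TTL exceeded;411 ms (TTL=230) - TTL exceeded;500 ms (TTL=230) - TTL exceeded;(Unknown)",
    "10.10.10.10;400 ms (TTL=106) - Echo Reply;401 ms (TTL=102) - Echo Reply;400 ms (TTL=102) - Echo Reply;(Unknown);",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print({ip: {k: sorted(v) for k, v in kinds.items()} for ip, kinds in summary.items()})
    print("mixed initial TTLs:", mixed_initial_ttls(summary))
```

The observed TTL is the value left on the reply when it arrives, so the hop counts describe the return path from the responder.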
