10.10.10.10;400 ms (TTL=106) - Echo Reply;401 ms (TTL=102) - Echo Reply;400
ms (TTL=102) - Echo Reply;(Unknown);
This run is the one that bothers me... why does it change from 106 to
102? Where did the alleged four extra hops come from?
Changing from 255-230=25 to 128-103=25 makes sense if a load balancer
is going between two systems of different OSes, which is good for
survivability. But, assuming the max of 255 and 128 are the starting
points, why does the number of hops change from 25 to 22 to 26?
Assuming that the network was laid out by a sane person and doesn't
have 4 or 5 extra devices in the way that are only sometimes used,
obfuscation is the only thing that seems to make sense.
A load balancer switching between a few systems that have different
maxes that then passes through a firewall that subtracts 1-10 hops,
randomly, in order to hide the layout of the network behind it.
I don't suppose at some point you'll be allowed to physically touch
the box and tell us the real answer, will you?
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
