Network Security: Detailed info on Re: Traceroute question

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: Traceroute question

from [Rob Sherwood] Network Security

[Permanent Link]

Subject:	Re: Traceroute question
Date:	Thu, 28 Dec 2006 04:40:48 -0500

On Wed, Dec 27, 2006 at 05:36:58PM -0800, Becky Nelson wrote:

I am running a traceroute and have two hops that report the same
address.  Could someone please explain what would cause this?  I
suspect that this is some type of firewall?


There are a number of things that can cause this, but the most common
is a buggy IP implementation on the first router, which it forwards
packets with a ttl=0.

http://www.freesoft.org/CIE/Topics/54.htm
[snip]
Buggy TCP/IP implementations
    Traceroute depends on a rather obscure feature that often doesn't work
    correctly. Some of the problems people have found: code that fails
    to decrement TTL, code that incorrectly forwards packets with zero
    TTL, code that does not generate ICMP Timeouts, and code that sends
    ICMPs with the same TTL as the original packet. This last problem,
    of course, results in our ICMP Timeouts being sent with zero TTL -
    guaranteed not to make it back to us.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Traceroute question, Becky Nelson Re: Traceroute question, Marcelo Caceres Re: Traceroute question, sami ghourabi RE: Traceroute question, Tal Argoni Re: Traceroute question, Rob Sherwood <= RE Traceroute question, Francois Labreque Re: RE Traceroute question, Datta Vaidya re: Traceroute question, Robert MacDonald Re: Traceroute question, Cedric Blancher RE: Traceroute question, Omar Salvador Alcalá Ruiz

Previous by Date:	Re: Banner Grabbing, Vikas Singhal
Next by Date:	Re: Virtual environments security, Michel Pereira
Previous by Thread:	RE: Traceroute question, Tal Argoni
Next by Thread:	RE Traceroute question, Francois Labreque
Indexes:	[Date] [Thread] [Top] [All Lists]