[c-nsp] Hidiing a traceroute

Hector Herrera mail4hh at pobox.com
Sat Oct 10 15:55:22 EDT 2009


On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex <amr.ccie at gmail.com> wrote:
> Dear All,
>             I want to hide a traceroute hops inside my network
> i know you can hide the traceroute inside an MPLS network
>
> can we hide also the traceroute inside an IP network
>
> Thanks In advance
>
> Regards
> Jason
> CCIE#24775

An MPLS network hides the network hops because as far as the packet is
concerned, the MPLS network is a tunnel with no router hops.

To hide a traceroute inside a L3 network, you need to block ICMP
TTL-expired messages from the hops you want to hide.  However, the
hops will still be visible since every router decrements the TTL by
one, and the traceroute source will notice it is missing TTL-expired
messages from your hidden hops.

Hector


More information about the cisco-nsp mailing list