[c-nsp] Hidiing a traceroute

Ivan cisco-nsp at itpro.co.nz
Sat Oct 10 19:05:25 EDT 2009


http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1013846


> Not so accurate, in an MPLS network you can disable the process which
> copies
> the IP TTL from the header to the label and vice verse. By doing that you
> are "hiding" the MPLS core routers from a traceroute operation.
>
> As for an IP network you can either discard or drop an ICMP type 8 (echo
> request)
> And by that block the traceroute operation, The user will get asterisks
> marks instead of the IP of the router.
>
> MTC.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hector Herrera
> Sent: Saturday, October 10, 2009 9:55 PM
> To: Jason Alex
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Hidiing a traceroute
>
> On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex <amr.ccie at gmail.com> wrote:
>> Dear All,
>>             I want to hide a traceroute hops inside my network
>> i know you can hide the traceroute inside an MPLS network
>>
>> can we hide also the traceroute inside an IP network
>>
>> Thanks In advance
>>
>> Regards
>> Jason
>> CCIE#24775
>
> An MPLS network hides the network hops because as far as the packet is
> concerned, the MPLS network is a tunnel with no router hops.
>
> To hide a traceroute inside a L3 network, you need to block ICMP
> TTL-expired messages from the hops you want to hide.  However, the
> hops will still be visible since every router decrements the TTL by
> one, and the traceroute source will notice it is missing TTL-expired
> messages from your hidden hops.
>
> Hector
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.421 / Virus Database: 270.14.9/2427 - Release Date: 10/10/09
> 06:39:00
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list