[c-nsp] Hidiing a traceroute

Alex ecralar at hotmail.com
Sun Oct 11 03:55:30 EDT 2009


ICMP type 8 with incrementing TTL is Windows tracert.
Unix traceroute is UDP starting with port 33434 through (33434+<max number of hops>-1). Starting port is user-configurable.
And there is also tcptraceroute: http://en.wikipedia.org/wiki/Tcptraceroute
What you need is to block tracert/traceroute/tcptraceroute response, which is ICMP TTL Exceeded, towards untrusted IP addresses.
Rgds
Alex

--------------------------------------------------
From: <techtalm at gmail.com>
Date: 10 October 2009 21:32
To: <mail4hh at pobox.com>; "'Jason Alex'" <amr.ccie at gmail.com>
Cc: <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Hidiing a traceroute

> Not so accurate, in an MPLS network you can disable the process which copies
> the IP TTL from the header to the label and vice versa. By doing that you
> are "hiding" the MPLS core routers from a traceroute operation.
>
> As for an IP network you can either discard or drop an ICMP type 8 (echo
> request) and by that block the traceroute operation. The user will get
> asterisk marks instead of the IP of the router.
>
> MTC.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hector Herrera
> Sent: Saturday, October 10, 2009 9:55 PM
> To: Jason Alex
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Hidiing a traceroute
>
> On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex <amr.ccie at gmail.com> wrote:
>> Dear All,
>>             I want to hide the traceroute hops inside my network.
>> I know you can hide the traceroute inside an MPLS network.
>>
>> Can we also hide the traceroute inside an IP network?
>>
>> Thanks in advance
>>
>> Regards
>> Jason
>> CCIE#24775
>
> An MPLS network hides the network hops because as far as the packet is
> concerned, the MPLS network is a tunnel with no router hops.
>
> To hide a traceroute inside a L3 network, you need to block ICMP
> TTL-expired messages from the hops you want to hide.  However, the
> hops will still be visible since every router decrements the TTL by
> one, and the traceroute source will notice it is missing TTL-expired
> messages from your hidden hops.
>
> Hector
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
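The thread contrasts two filtering approaches and one caveat: Alex's advice to drop ICMP TTL Exceeded replies toward untrusted sources, MTC's suggestion to drop ICMP type 8 echo requests (which only affects Windows tracert, since Unix traceroute probes with UDP), and Hector's point that a hidden router still decrements the TTL, so its position shows up as an asterisked hop. The simulation below is an added example written for this page, not code from anyone in the thread; the router names, addresses, path and the trusted-source policy are constructed, and the policy knobs on `Router` are simulation fields, not IOS syntax.

```python
from dataclasses import dataclass

ICMP_ECHO_REQUEST = 8          # probe type used by Windows tracert
ICMP_TIME_EXCEEDED = 11        # the reply every traceroute variant relies on
TRACEROUTE_BASE_PORT = 33434   # first UDP destination port of Unix traceroute


@dataclass
class Router:
    name: str
    address: str
    # Constructed policy knobs for the simulation (not IOS configuration):
    #  - hide_from_untrusted: suppress ICMP Time Exceeded unless the probe
    #    source matches one of trusted_prefixes (Alex's approach).
    #  - drops_echo_request: discard inbound ICMP echo requests (MTC's approach).
    hide_from_untrusted: bool = False
    trusted_prefixes: tuple = ()
    drops_echo_request: bool = False

    def answers_time_exceeded(self, src: str) -> bool:
        if not self.hide_from_untrusted:
            return True
        return any(src.startswith(p) for p in self.trusted_prefixes)


@dataclass
class Probe:
    src: str
    ttl: int
    proto: str          # "icmp" (tracert) or "udp" (traceroute)
    dport: int = 0      # UDP destination port: 33434 + hop - 1


def forward(path, probe):
    """Carry one probe along the router path.

    Returns (index_of_router_that_stopped_it, responder) where responder is the
    router address, None when the router stays silent, or "DEST" when the
    probe survived every hop and reached the destination.
    """
    ttl = probe.ttl
    for idx, router in enumerate(path):
        if probe.proto == "icmp" and router.drops_echo_request:
            return idx, None            # probe discarded, nothing comes back
        ttl -= 1                        # every router decrements, hidden or not
        if ttl == 0:
            # This router would emit ICMP type 11 back to probe.src here.
            if router.answers_time_exceeded(probe.src):
                return idx, router.address
            return idx, None
    return len(path), "DEST"


def trace(path, dest, src, style="unix", max_hops=30):
    """Return traceroute-style rows of (hop_number, address_or_asterisk)."""
    rows = []
    for ttl in range(1, max_hops + 1):
        if style == "windows":
            probe = Probe(src, ttl, "icmp")
        else:
            probe = Probe(src, ttl, "udp", TRACEROUTE_BASE_PORT + ttl - 1)
        _, responder = forward(path, probe)
        if responder == "DEST":
            rows.append((ttl, dest))    # echo reply / UDP port unreachable
            break
        rows.append((ttl, responder or "*"))
    return rows


def hidden_hops(rows):
    """Hop numbers that produced no reply: the silent routers still count."""
    return [hop for hop, addr in rows if addr == "*"]


# Constructed topology: two edge routers that answer everyone and two core
# routers that only answer probes sourced from a 10.0.0.0/8 management range.
PATH = [
    Router("edge-in", "192.0.2.1"),
    Router("core-1", "10.0.0.2", hide_from_untrusted=True, trusted_prefixes=("10.",)),
    Router("core-2", "10.0.0.3", hide_from_untrusted=True, trusted_prefixes=("10.",)),
    Router("edge-out", "192.0.2.4"),
]
# Same path, but the ingress edge also discards ICMP echo requests.
PATH_ECHO_BLOCKED = [Router("edge-in", "192.0.2.1", drops_echo_request=True)] + PATH[1:]
DEST = "203.0.113.10"
UNTRUSTED_SRC = "198.51.100.7"
TRUSTED_SRC = "10.0.0.99"

if __name__ == "__main__":
    for hop, addr in trace(PATH, DEST, UNTRUSTED_SRC):
        print(f"{hop:2d}  {addr}")
    print("hidden hop positions:", hidden_hops(trace(PATH, DEST, UNTRUSTED_SRC)))
```

Running the untrusted trace over `PATH` prints the two core routers as `*` at hops 2 and 3 while hop 4 and the destination still appear at their real positions, which is exactly the leak Hector describes: the number of rows is identical to a trace from the trusted source. Swapping in `PATH_ECHO_BLOCKED` with `style="windows"` blanks every hop (tracert never completes), but the UDP trace from the same source is unchanged, which is why Alex's filter on the reply rather than on echo requests is the one that covers traceroute and tcptraceroute too.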



More information about the cisco-nsp mailing list