Not so accurate, in an MPLS network you can disable the process which copies the IP TTL from the header to the label and vice verse. By doing that you are "hiding" the MPLS core routers from a traceroute operation.
As for an IP network you can either discard or drop an ICMP type 8 (echo request) And by that block the traceroute operation, The user will get asterisks marks instead of the IP of the router. MTC. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Hector Herrera Sent: Saturday, October 10, 2009 9:55 PM To: Jason Alex Cc: [email protected] Subject: Re: [c-nsp] Hidiing a traceroute On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex <[email protected]> wrote: > Dear All, > I want to hide a traceroute hops inside my network > i know you can hide the traceroute inside an MPLS network > > can we hide also the traceroute inside an IP network > > Thanks In advance > > Regards > Jason > CCIE#24775 An MPLS network hides the network hops because as far as the packet is concerned, the MPLS network is a tunnel with no router hops. To hide a traceroute inside a L3 network, you need to block ICMP TTL-expired messages from the hops you want to hide. However, the hops will still be visible since every router decrements the TTL by one, and the traceroute source will notice it is missing TTL-expired messages from your hidden hops. Hector _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.421 / Virus Database: 270.14.9/2427 - Release Date: 10/10/09 06:39:00 _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
