thanks for the elaborate insight :) From what I understand this will display "destination unreachable" or "Request timeout". I was hoping to hide the route :) so that it will appear to the one executing traceroute or tracert that everything's just normal (no timeouts between the hops and the destination).
fooler said:

> ----- Original Message -----
> From: "Jopoy C. Solano" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 3:54 PM
> Subject: Re: [plug] OT: how to hide local routes
>
>> The routers are linux boxes. My idea is that
>> traceroute can be issued from any machine going through those
>> routes without seeing the hops. My purpose is to hide them from the
>> students :) hehehe
>> ...for additional security if possible.
>
> if that is the case you really wanted to do, then here are your two options
> for linux OS:
>
> 1. hacking the kernel
>
> a. edit /usr/src/<linux-kernel-version>/net/ip_forward.c
> b. look for these two lines under the int ip_forward(struct sk_buff *skb)
>    function
>
>    /* Decrease ttl after skb cow done */
>    ip_decrease_ttl(iph);
>
> c. remark the last line... for example:
>
>    /* Decrease ttl after skb cow done */
>    /* ip_decrease_ttl(iph); */
>
> d. recompile your kernel
>
> 2. no hacking of kernel but putting a firewall... for example using
> ipchains
>
>    ipchains -A output -p icmp -s <ip_address_of_your_server> --icmp-type 11 -j DENY
>
> icmp type eleven is TIME EXCEEDED
>
> for freebsd or *BSD users out there, just add to your kernel
> configuration file this option: "options IPSTEALTH"
>
> if you ask, why play with the TTL or time-to-live value in order to hide
> a router along the path when using a traceroute program?
>
> here is the algorithm of the traceroute program (take note that traceroute
> of unix is using udp while microsoft's traceroute is using icmp echo
> packets)
>
> for the unix traceroute program:
>
> the traceroute program will try to send the first packet with TTL value
> equal to 1 with destination udp port starting at 32768... when the
> packet is sent out from the host's interface and received by the first
> router along the path, the first router will decrement the TTL value...
> since the first packet's TTL value is 1 and when the router decrements
> it, the value is 0... according to the router's RFC, when the TTL value is zero,
> the router must drop the packet and send an icmp packet back to the
> sender with icmp type 11 (time exceeded) and either code 0 (time to
> live exceeded in transit) or code 1 (fragment reassembly time
> exceeded)... this icmp type 11 packet now has the source ip address of
> the first router along the path, which the traceroute program will
> print as the first hop... after that, the traceroute program will
> send the second packet with TTL value equal to 2 with the same
> destination udp port number 32768... now this second udp packet will
> pass the first router, which decrements it; the TTL value is now 1, and
> because it is not zero, it will pass to the second router... the second
> router will process the TTL value, which turns into zero after processing
> it... the same procedure as what the first router did a while ago, by
> dropping and sending an icmp type 11 packet back to the sender... now
> the traceroute program has determined the second hop and prints it... by then
> the traceroute program will process the third packet, whose TTL value
> is 3, and increments it every time it sees an icmp type 11 packet, and so
> on and so forth....
>
> according to the router's RFC, only the router decrements the TTL value and
> not the host... so what happens when this udp packet reaches the final
> destination and the host cannot decrement the TTL value? since this packet
> is using udp port 32768.. it will try to connect to that host... if that
> host is not listening on that port, the host will send an icmp type 3
> (destination unreachable) code 3 (port unreachable)... with this, the
> traceroute program will print the final hop... so what happens if there
> is a udp listening port 32768 on that host? the traceroute program will
> just increase the udp port number 32768 one at a time until it sees an
> icmp type 3 code 3... or exhausts its number of tries and gives up because the host is
> down or the link is broken...
>
> for microsoft's traceroute, the same technique as unix's traceroute,
> using TTL to determine the number of hops along the path, but instead it
> uses icmp echo packets so that the final destination host will just reply
> with an icmp echo reply packet...
>
> now you know how the traceroute program works, you already understand why i
> disable a function to decrement the ttl value of an ip header or put
> a firewall on it...
>
> fooler.
>
>
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> Fully Searchable Archives With Friendly Web Interface at
> http://marc.free.net.ph
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
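The thread describes two things: the probe loop traceroute runs (TTL 1, 2, 3, ... with UDP probes from port 32768, expecting ICMP type 11 from each router and ICMP type 3 code 3 from the final host, or an echo reply for the ICMP variant), and two ways a router can drop out of that picture: filtering its outbound ICMP type 11, or never decrementing TTL. The simulation below is an added example written for this page, not code from the thread or from any traceroute implementation; it sends no packets. It models a path as a list of routers, each in one of three constructed modes (normal, ICMP-type-11-firewalled, or TTL-not-decremented), and shows what the probing side would print in each case: the firewalled router leaves a `*` (the timeout Jopoy wants to avoid), while the non-decrementing router simply vanishes from the list. All addresses, port numbers beyond 32768 and mode names are constructed for the example.

```python
"""Model of the traceroute probe loop described in the thread (constructed example).

Nothing here touches the network: routers and the destination host are plain
objects, and a "probe" is a function call that returns the ICMP reply the real
network would have produced, or None for a timeout.
"""
from dataclasses import dataclass

# Constructed router behaviours for the simulation.
NORMAL = "normal"          # decrements TTL, returns ICMP type 11 when it hits zero
FIREWALLED = "firewalled"  # decrements TTL, but its outbound ICMP type 11 is dropped
STEALTH = "stealth"        # forwards without decrementing TTL (kernel patch / IPSTEALTH)


@dataclass
class Router:
    addr: str
    mode: str = NORMAL


@dataclass
class Host:
    addr: str
    listening_udp: frozenset = frozenset()   # UDP ports with a listener


def send_probe(path, dest, ttl, dport, proto="udp"):
    """Simulate one probe. Returns (reply_source, icmp_type, icmp_code) or None."""
    for router in path:
        if router.mode == STEALTH:
            continue                     # TTL untouched, so this hop can never expire a probe
        ttl -= 1
        if ttl == 0:
            if router.mode == FIREWALLED:
                return None              # type 11 was generated but filtered: timeout
            return (router.addr, 11, 0)  # time exceeded in transit
    # The probe reached the destination; hosts do not decrement TTL.
    if proto == "icmp":
        return (dest.addr, 0, 0)         # echo reply, regardless of open ports
    if dport in dest.listening_udp:
        return None                      # a listener swallows the datagram: no reply
    return (dest.addr, 3, 3)             # destination unreachable, port unreachable


def traceroute(path, dest, proto="udp", max_ttl=30):
    """Run the probe loop and return the hop column traceroute would print.

    One probe per TTL for brevity (real traceroute sends three); the UDP
    destination port advances by one per probe, starting at 32768, which is
    also how the thread describes traceroute moving past a listening port.
    """
    final_reply = (3, 3) if proto == "udp" else (0, 0)
    hops = []
    dport = 32768
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, dest, ttl, dport, proto)
        dport += 1
        if reply is None:
            hops.append("*")
            continue
        src, icmp_type, icmp_code = reply
        hops.append(src)
        if (icmp_type, icmp_code) == final_reply:
            break
    return hops


if __name__ == "__main__":
    # Constructed topology: three routers in front of one host.
    dest = Host("10.0.3.10")
    for mode in (NORMAL, FIREWALLED, STEALTH):
        path = [Router("10.0.0.1"), Router("10.0.1.1", mode), Router("10.0.2.1")]
        print(f"middle router {mode:10s}: {traceroute(path, dest)}")
    busy = Host("10.0.3.10", frozenset({32769}))
    print("udp listener on probed port :", traceroute([Router("10.0.0.1")], busy))
    print("icmp echo variant           :", traceroute([Router("10.0.0.1")], busy, proto="icmp"))
```

Running it shows the difference Jopoy is asking about: with the middle router firewalled the output is `['10.0.0.1', '*', '10.0.2.1', '10.0.3.10']`, with it in stealth mode the output is `['10.0.0.1', '10.0.2.1', '10.0.3.10']`, so the path merely looks one hop shorter. One consequence the model makes visible is worth keeping in mind when evaluating the kernel-patch option: a router that never decrements TTL also never expires a looping packet, which is the job TTL exists to do (RFC 1812 requires forwarding routers to decrement it), so a routing loop through such a router would no longer be self-limiting.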
