thanks! man, i guess i have to do it the hard way :)
'jopoy

fooler said:
> ----- Original Message -----
> From: "Jopoy C. Solano" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 30, 2003 6:29 PM
> Subject: Re: [plug] OT: how to hide local routes
>
>> thanks for the elaborate insight :)
>>
>> From what i understand this will display "destination unreachable" or
>> "Request timeout"
>
> yes this is for number 2 option by using a firewall... no destination
> unreachable here but a request timeout when the packet reaches your
> router's box with a TTL value of 1... upon request timeout, some of the
> *smart* traceroute programs try to proceed with the next TTL value (TTL
> + 1) to determine the next hop because this smart traceroute program
> assumes that there is a smart router hiding from the traceroute program....
>
>> I was hoping to hide the route :) it will appear
>> to the one executing traceroute or tracert that
>> everything's just normal. (no timeouts between the hops and the
>> destination)
>
> then use option number 1 :->
>
> fooler.
>
>> 'jopoy
>>
>> fooler said:
>> > ----- Original Message -----
>> > From: "Jopoy C. Solano" <[EMAIL PROTECTED]>
>> > To: <[EMAIL PROTECTED]>
>> > Sent: Thursday, January 30, 2003 3:54 PM
>> > Subject: Re: [plug] OT: how to hide local routes
>> >
>> >> The routers are linux boxes. My idea is that
>> >> traceroute can be issued from any machine going through those
>> >> routes without seeing the hops. My purpose is to hide them from
>> >> the students :) hehehe
>> >>
>> >> ...for additional security if possible.
>> >
>> > if that is the case you really wanted to do, then here are your two
>> > options for linux OS:
>> >
>> > 1. hacking the kernel
>> >
>> >    a. edit /usr/src/<linux-kernel-version>/net/ip_forward.c
>> >    b. look for these two lines under the
>> >       int ip_forward(struct sk_buff *skb) function
>> >
>> >           /* Decrease ttl after skb cow done */
>> >           ip_decrease_ttl(iph);
>> >
>> >    c. remark the last line... for example:
>> >
>> >           /* Decrease ttl after skb cow done */
>> >           /* ip_decrease_ttl(iph); */
>> >
>> >    d. recompile your kernel
>> >
>> > 2. no hacking of kernel but putting a firewall... for example using
>> >    ipchains
>> >
>> >        ipchains -A output -p icmp -s <ip_address_of_your_server> --icmp-type 11 -j DENY
>> >
>> >    icmp type eleven is TIME EXCEEDED
>> >
>> > for freebsd or *BSD users out there, just add to your kernel
>> > configuration file this option: "options IPSTEALTH"
>> >
>> > if you ask, why play with the TTL or time-to-live value in order to
>> > hide a router along the path when using a traceroute program?
>> >
>> > here is the algorithm of traceroute program (take note that
>> > traceroute of unix is using udp while microsoft's traceroute is
>> > using icmp echo packet)
>> >
>> > for unix traceroute program:
>> >
>> > traceroute program will try to send the first packet with TTL value
>> > equals to 1 with destination udp port starts with 32768... when the
>> > packet was sent out from the host's interface and received by the
>> > first router along the path, the first router will decrement the TTL
>> > value... since the first packet's TTL value is 1 and when the router
>> > decremented it, the value is 0... according to router's RFC, when
>> > TTL value is zero, the router must drop the packet and send an icmp
>> > packet back to the sender with icmp type 11 (time exceeded) and
>> > either of code 0 (time to live exceeded in transit) or code 1
>> > (fragment reassembly time exceeded)... this icmp type 11 packet now
>> > has the source ip address of the first router along the path in
>> > which the traceroute program will print this as the first hop...
>> > after that, the traceroute program will send the second packet with
>> > TTL value equals to 2 with the same destination udp port number
>> > 32768... now this second udp packet will pass the first router and
>> > decremented it, the TTL value is now 1, because it is not zero, it
>> > will pass to the second router... the second router will process the
>> > TTL value which turns into zero after processing it... the same
>> > procedure as what the first router did a while ago by dropping and
>> > sending an icmp type 11 packet back to the sender... now the
>> > traceroute program determined the second hop and print it... by then
>> > the traceroute program will process the third packet which the TTL
>> > value is 3 and increments it every time it sees an icmp type 11
>> > packet and so on and so forth....
>> >
>> > according to router's RFC, only the router decrements the TTL value
>> > and not the host... so what happens when this udp packet reaches
>> > the final destination and host cannot decrement the TTL value? since
>> > this packet is using udp port 32768.. it will try to connect to that
>> > host... if that host is not listening on that port, the host will
>> > send an icmp type 3 (destination unreachable) code 3 (port
>> > unreachable)... with this, the traceroute program will print the
>> > final hop... so what happens if there is a udp listening port 32768
>> > on that host? the traceroute program will just increase the udp port
>> > number 32768 one at a time until it sees an icmp type 3 code 3... or
>> > number of tries and give up because the host is down or the link is
>> > broken...
>> >
>> > for microsoft's traceroute, the same technique with unix's
>> > traceroute using TTL to determine the number of hops along the path
>> > but instead it uses icmp echo packet so that the final host
>> > destination will just reply an icmp reply packet...
>> >
>> > now you know how traceroute program works, you already understand
>> > why i disable a function to decrement the ttl value of an ip header
>> > or putting a firewall on it...
>> >
>> > fooler.
>> >
>> > _
>> > Philippine Linux Users Group. Web site and archives at
>> > http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
>> > [EMAIL PROTECTED]
>> >
>> > Fully Searchable Archives With Friendly Web Interface at
>> > http://marc.free.net.ph
>> >
>> > To subscribe to the Linux Newbies' List: send "subscribe" in the
>> > body to [EMAIL PROTECTED]
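
Added example, not part of the original thread: a small Python model of the TTL probing loop fooler describes, showing what a traceroute user would see when the middle router behaves normally, drops its outgoing ICMP type 11 replies (option 2), or skips the TTL decrement (option 1). The addresses, mode names and function names are constructed for this example, and the model assumes exactly the router behaviour the thread describes (decrement, then expire at zero); a forwarding path that checks the TTL before the decrement is outside this model.

```python
# Constructed model of the traceroute probing loop described in the thread.
# Mode names below are hypothetical labels used only in this example.
NORMAL = "normal"              # decrement TTL, answer expiry with ICMP type 11
NO_DECREMENT = "no-decrement"  # option 1: ip_decrease_ttl() commented out
DROP_TYPE_11 = "drop-type-11"  # option 2: firewall denies outgoing type 11

TIME_EXCEEDED = 11     # ICMP type 11
DEST_UNREACHABLE = 3   # ICMP type 3 (code 3, port unreachable, from the host)


def send_probe(path, dest, ttl):
    """Forward one probe along path, a list of (router_ip, mode) pairs.

    Returns (icmp_type, source_ip) for the reply, or None on a timeout.
    """
    for ip, mode in path:
        if mode != NO_DECREMENT:
            ttl -= 1
        if ttl == 0:
            if mode == DROP_TYPE_11:
                return None              # reply is filtered: prober times out
            return (TIME_EXCEEDED, ip)   # router reveals its own address
    # Hosts do not decrement the TTL; the closed UDP port answers instead.
    return (DEST_UNREACHABLE, dest)


def traceroute(path, dest, max_ttl=30):
    """Return the hop list a traceroute user would see ('*' is a timeout)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, dest, ttl)
        if reply is None:
            hops.append("*")             # move on to TTL + 1, as described
            continue
        icmp_type, src = reply
        hops.append(src)
        if icmp_type == DEST_UNREACHABLE:
            break                        # final hop reached
    return hops


def demo(middle_mode):
    """Three routers (documentation addresses); only the middle one varies."""
    path = [("192.0.2.1", NORMAL),
            ("198.51.100.1", middle_mode),
            ("203.0.113.1", NORMAL)]
    return traceroute(path, "203.0.113.50")


if __name__ == "__main__":
    for mode in (NORMAL, DROP_TYPE_11, NO_DECREMENT):
        print(f"{mode:13} {demo(mode)}")
```

In this model option 2 leaves a visible "*" gap at the filtered hop, while option 1 removes the hop from the list entirely, which is the difference the two replies in the thread are about.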
