Re: [c-nsp] Hiding a traceroute

ICMP type 8 with incrementing TTL is Windows tracert. Unix traceroute is UDP starting with port 33434 through (33434 + max number of hops - 1). The starting port is user-configurable. And there is also tcptraceroute: http://en.wikipedia.org/wiki/Tcptraceroute

What you need is to block the tracert/traceroute/tcptraceroute response, which is ICMP TTL Exceeded, towards untrusted IP addresses.

Rgds
Alex

--
From: techt...@gmail.com
Date: 10 October 2009 21:32
To: mail...@pobox.com; 'Jason Alex' amr.c...@gmail.com
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Hiding a traceroute

> Not so accurate, in an MPLS network you can disable the process which copies the IP TTL from the header to the label and vice versa. By doing that you are hiding the MPLS core routers from a traceroute operation.
>
> As for an IP network you can either discard or drop an ICMP type 8 (echo request) and by that block the traceroute operation. The user will get asterisk marks instead of the IP of the router.
>
> MTC.
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Hector Herrera
> Sent: Saturday, October 10, 2009 9:55 PM
> To: Jason Alex
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Hiding a traceroute
>
> On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex amr.c...@gmail.com wrote:
>> Dear All,
>> I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?
>> Thanks in advance
>> Regards
>> Jason
>> CCIE#24775
>
> An MPLS network hides the network hops because as far as the packet is concerned, the MPLS network is a tunnel with no router hops.
>
> To hide a traceroute inside an L3 network, you need to block ICMP TTL-expired messages from the hops you want to hide. However, the hops will still be visible since every router decrements the TTL by one, and the traceroute source will notice it is missing TTL-expired messages from your hidden hops.
>
> Hector

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hiding a traceroute

Jason Alex wrote:
> Dear All,
> I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?

The number of hops? Not unless you know a way to disable the TTL decrementing mechanism, no.

The identity of hops? Block ICMP Time Exceeded. For example:

access-list 100 deny icmp any any ttl-exceeded

> CCIE#24775

Oh man. How many Weetos tokens did you have to collect for that?

adam.
[c-nsp] Hiding a traceroute

Dear All,

I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?

Thanks in advance
Regards
Jason
CCIE#24775
Re: [c-nsp] Hiding a traceroute

On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex amr.c...@gmail.com wrote:
> Dear All,
> I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?
> Thanks in advance
> Regards
> Jason
> CCIE#24775

An MPLS network hides the network hops because as far as the packet is concerned, the MPLS network is a tunnel with no router hops.

To hide a traceroute inside an L3 network, you need to block ICMP TTL-expired messages from the hops you want to hide. However, the hops will still be visible since every router decrements the TTL by one, and the traceroute source will notice it is missing TTL-expired messages from your hidden hops.

Hector
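The behaviours described in this thread (Alex's note on which probe each traceroute flavour sends, Hector's point that a hop filtering ICMP Time Exceeded still decrements the TTL and so still shows up as a silent `*`, and MTC's point that an MPLS core with TTL propagation disabled does not count as a hop at all) can be checked with a small simulation. This is an added illustration, not code from the list, from Cisco or from any traceroute implementation; the hop addresses are constructed RFC 5737 documentation addresses, the `Hop` flags are hypothetical, and the MPLS core is modelled simply as hops that leave the IP TTL untouched.

```python
"""Simulate what a traceroute source sees for different hop behaviours.

Added illustration for this thread (not list or vendor code). Addresses are
constructed documentation addresses. Three behaviours are modelled:
  * normal router: decrements TTL, answers with ICMP Time Exceeded
  * router filtering Time Exceeded (the access-list in Adam's reply): still
    decrements TTL, so it consumes a hop but answers nothing
  * MPLS core LSR with IP-to-label TTL propagation disabled: IP TTL is not
    decremented there, so the hop is neither seen nor counted
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_UDP_BASE_PORT = 33434  # classic Unix traceroute starting port (Alex's note)


@dataclass
class Hop:
    ip: str
    replies_ttl_exceeded: bool = True    # False: ICMP Time Exceeded filtered at this hop
    mpls_no_ttl_propagate: bool = False  # True: label-switched hop, IP TTL untouched (assumed model)


def udp_probe_port(hop_number: int, base_port: int = DEFAULT_UDP_BASE_PORT) -> int:
    """Destination port of the classic per-hop UDP probe: base .. base + max_hops - 1."""
    return base_port + hop_number - 1


def forward_probe(path: List[Hop], dest_ip: str, ttl: int,
                  dest_replies: bool = True) -> Tuple[Optional[str], bool]:
    """Walk one probe down the path with the given initial TTL.

    Returns (address that answered, or None if nobody did; whether the
    destination itself replied so the trace is complete).
    """
    for hop in path:
        if hop.mpls_no_ttl_propagate:
            continue  # switched on the label; IP TTL untouched, probe never expires here
        ttl -= 1      # every IP router decrements the TTL by one (Hector's point)
        if ttl == 0:
            answer = hop.ip if hop.replies_ttl_exceeded else None
            return answer, False
    # Probe survived the whole path: the destination answers (port unreachable
    # or echo reply) unless it drops the probe, as with MTC's ICMP type 8 filter.
    return (dest_ip if dest_replies else None), dest_replies


def traceroute(path: List[Hop], dest_ip: str, max_hops: int = 30,
               dest_replies: bool = True) -> List[str]:
    """Return one entry per TTL value: the answering address, or '*' for no reply."""
    seen: List[str] = []
    for ttl in range(1, max_hops + 1):
        who, reached = forward_probe(path, dest_ip, ttl, dest_replies)
        seen.append(who if who is not None else "*")
        if reached:
            break
    return seen


def silent_hops(trace: List[str]) -> int:
    """Count entries that stayed silent: the source still learns a hop exists there."""
    return sum(1 for entry in trace if entry == "*")


# Constructed sample paths (documentation addresses, not real infrastructure)
DEST = "198.51.100.10"
FILTERED_PATH = [
    Hop("203.0.113.1"),
    Hop("203.0.113.2", replies_ttl_exceeded=False),
    Hop("203.0.113.3", replies_ttl_exceeded=False),
    Hop("203.0.113.4"),
]
MPLS_PATH = [
    Hop("203.0.113.1"),
    Hop("10.0.0.1", mpls_no_ttl_propagate=True),
    Hop("10.0.0.2", mpls_no_ttl_propagate=True),
    Hop("203.0.113.4"),
]

if __name__ == "__main__":
    print("Time Exceeded filtered on two hops:", traceroute(FILTERED_PATH, DEST))
    print("MPLS core without TTL propagation:  ", traceroute(MPLS_PATH, DEST))
    print("Destination drops probes (6 hops):  ",
          traceroute(FILTERED_PATH, DEST, max_hops=6, dest_replies=False))
```

Running it shows the difference the thread is arguing about: on `FILTERED_PATH` the two filtering routers appear as `*` but positions 2 and 3 are still consumed, so the source can tell two hidden hops exist; on `MPLS_PATH` the core LSRs vanish and the trace is shorter by two entries, which is the effect of disabling TTL propagation. With `dest_replies=False` the trace never completes and pads out with `*` up to `max_hops`, which is what a destination that drops the probe type looks like.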
Re: [c-nsp] Hiding a traceroute

Not so accurate, in an MPLS network you can disable the process which copies the IP TTL from the header to the label and vice versa. By doing that you are hiding the MPLS core routers from a traceroute operation.

As for an IP network you can either discard or drop an ICMP type 8 (echo request) and by that block the traceroute operation. The user will get asterisk marks instead of the IP of the router.

MTC.

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Hector Herrera
Sent: Saturday, October 10, 2009 9:55 PM
To: Jason Alex
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Hiding a traceroute

> On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex amr.c...@gmail.com wrote:
>> Dear All,
>> I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?
>> Thanks in advance
>> Regards
>> Jason
>> CCIE#24775
>
> An MPLS network hides the network hops because as far as the packet is concerned, the MPLS network is a tunnel with no router hops.
>
> To hide a traceroute inside an L3 network, you need to block ICMP TTL-expired messages from the hops you want to hide. However, the hops will still be visible since every router decrements the TTL by one, and the traceroute source will notice it is missing TTL-expired messages from your hidden hops.
>
> Hector
Re: [c-nsp] Hiding a traceroute

http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1013846

> Not so accurate, in an MPLS network you can disable the process which copies the IP TTL from the header to the label and vice versa. By doing that you are hiding the MPLS core routers from a traceroute operation.
>
> As for an IP network you can either discard or drop an ICMP type 8 (echo request) and by that block the traceroute operation. The user will get asterisk marks instead of the IP of the router.
>
> MTC.
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Hector Herrera
> Sent: Saturday, October 10, 2009 9:55 PM
> To: Jason Alex
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Hiding a traceroute
>
>> On Sat, Oct 10, 2009 at 12:21 PM, Jason Alex amr.c...@gmail.com wrote:
>>> Dear All,
>>> I want to hide the traceroute hops inside my network. I know you can hide the traceroute inside an MPLS network; can we also hide the traceroute inside an IP network?
>>> Thanks in advance
>>> Regards
>>> Jason
>>> CCIE#24775
>>
>> An MPLS network hides the network hops because as far as the packet is concerned, the MPLS network is a tunnel with no router hops.
>>
>> To hide a traceroute inside an L3 network, you need to block ICMP TTL-expired messages from the hops you want to hide. However, the hops will still be visible since every router decrements the TTL by one, and the traceroute source will notice it is missing TTL-expired messages from your hidden hops.
>>
>> Hector