hopfake question.

From: Jorge Alfredo Garcia (frederix@gmail.com)
Date: Fri Sep 16 2005 - 13:22:47 EDT


I'm trying hopfake by xenion to do some testing with traceroute.
I'm having some problems testing the code from different locations. For
example, a traceroute from my own country against an IP in my country
works fine:

C:\>tracert 200.125.36.216

Traza a la dirección r200-125-36-216-dialup.adsl.anteldata.net.uy [200.125.36.216]
sobre un máximo de 30 saltos:

 1 18 ms 19 ms 19 ms agu2bras1.antel.net.uy [200.40.0.67]
 2 47 ms 50 ms 47 ms spider.ncts.navy.mil [138.147.50.5]
 3 44 ms 49 ms 52 ms www.army.mil [140.183.234.10]
 4 51 ms 49 ms 49 ms darpademo1.darpa.mil [192.5.18.104]
 5 47 ms 49 ms 49 ms iso.darpa.mil [192.5.18.105]
 6 43 ms 53 ms 49 ms ws18-106.darpa.mil [192.5.18.106]
 7 47 ms 49 ms 49 ms dtsn.darpa.mil [192.5.18.107]
 8 47 ms 49 ms 49 ms daml.darpa.mil [192.5.18.108]
 9 47 ms 49 ms 49 ms border.hcn.hq.nasa.gov [198.116.142.1]
 10 198.116.142.34 informes: Red de destino inaccesible.

Traza completa.

Those addresses are fake ones, using the technique of sending different
ICMP packets with the last one.

C:\>

But a tracert from Spain to Uruguay doesn't seem to work properly:

[root@ns20303 dark]# traceroute 200.125.34.234
traceroute to 200.125.34.234 (200.125.34.234), 30 hops max, 38 byte packets
 1 p19-11-m1.routers.ovh.net (213.251.133.253) 0.737 ms 0.717 ms 0.814 ms
 2 p19-7-6k.routers.ovh.net (213.186.32.65) 0.379 ms 0.337 ms 0.486 ms
 3 th2-1-6k.routers.ovh.net (213.186.32.4) 1.037 ms 0.622 ms 0.722 ms
 4 th2-1-6k.routers.ovh.net (213.186.32.250) 0.764 ms 0.802 ms 0.701 ms
 5 ge-0-0-0-4.r00.parsfr01.fr.bb.verio.net (81.25.193.166) 0.962 ms 0.940 ms 0.931 ms
 6 p4-1-1-2.r21.londen03.uk.bb.verio.net (129.250.2.87) 8.015 ms 8.044 ms 8.036 ms
 7 p16-0-0-0.r80.nycmny01.us.bb.verio.net (129.250.5.91) 81.659 ms 81.680 ms 81.899 ms
 8 p16-0-1-3.r21.nycmny01.us.bb.verio.net (129.250.2.170) 81.689 ms 81.785 ms 81.878 ms
 9 p16-7-0-0.r04.nycmny01.us.bb.verio.net (129.250.3.49) 81.474 ms 81.417 ms 81.443 ms
10 p4-0.uunet.nycmny01.us.bb.verio.net (129.250.9.166) 81.791 ms 81.727 ms 81.665 ms
11 0.so-6-0-0.XL1.NYC9.ALTER.NET (152.63.18.226) 81.826 ms 81.692 ms 81.726 ms
12 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 113.491 ms 113.294 ms 113.147 ms
13 POS6-0.GW4.MIA4.ALTER.NET (152.63.82.141) 113.110 ms 112.967 ms 113.067 ms
14 antel-gw.customer.alter.net (157.130.83.138) 257.014 ms 257.841 ms 257.590 ms
15 icoreagu1-backb.antel.net.uy (200.40.0.15) 256.189 ms 256.480 ms 256.288 ms
16 gaguada-h-adinet.antel.net.uy (200.40.0.135) 262.947 ms 260.733 ms 261.747 ms
17 agu2bras1-acc.antel.net.uy (200.40.18.65) 258.974 ms 259.006 ms 262.406 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 r200-125-34-234-dialup.adsl.anteldata.net.uy (200.125.34.234) 283.199 ms 290.822 ms 288.108 ms
[root@ns20303 dark]#

As you can see, the fake hops do not appear on the attacker's host.
I tested a lot, and in the majority of cases it seems it doesn't work.
Please, I want to know why this problem occurs and whether there is a
possibility to fix it.
Thanks in advance.
jorge.

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT