Re: 0trace - traceroute on established connections

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: 0trace - traceroute on established connections
From: Tony Rall <trall@xxxxxxxxxxxxxxx>
Date: Fri, 28 Sep 2007 11:19:20 -0700
In-reply-to: <20070928114359.17135.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On Friday, 2007-09-28 at 11:43 GMT, tyter9@xxxxxxxxx wrote:
> I think it would be interesting to enumerate incoming connections.
> 
> user (192.168.0.2) --> router (192.168.0.1) --> gateway/masquarade --> 
~~~~ --> 
> server (0trace).
> What do you think about it? is it possible to enumerate internal "user" 
user 
> network?

Remember that the route traffic takes is dynamically determined with each 
packet - and most of those decisions are made outside your own machine. 
The path taken by one packet may differ markedly from that of the previous 
packet to the same destination.

And, in trying do what you suggest, you run into all of the shortcomings 
of traceroute - including:

1. Some nodes won't respond to you.
2. Some nodes may even lie to you.
3. There is no reasonable way to determine the path of the return traffic 
(asymmetric routing).

--
Tony Rall

References:
- Re: 0trace - traceroute on established connections
  - From: tyter9

Prev by Date: Re: defining 0day
Next by Date: [SECURITY] [DSA 1378-2] New Linux 2.6.18 packages fix several vulnerabilities
Previous by thread: Re: 0trace - traceroute on established connections
Next by thread: @lex Guestbook <= 4.0.2 Remote Command Execution Exploit
Index(es):
- Date
- Thread