From owner-freebsd-hackers  Tue Sep 19  7:36:22 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from envy.vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112])
	by hub.freebsd.org (Postfix) with SMTP id 3213F37B422
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 19 Sep 2000 07:36:20 -0700 (PDT)
Received: (qmail 7122 invoked from network); 19 Sep 2000 14:36:18 -0000
Received: from kesteren.vuurwerk.nl (HELO daemon.vuurwerk.nl) (194.178.232.59)
  by envy.vuurwerk.nl with SMTP; 19 Sep 2000 14:36:18 -0000
Received: (nullmailer pid 5945 invoked by uid 11109);
	Tue, 19 Sep 2000 14:36:19 -0000
Date: Tue, 19 Sep 2000 16:36:19 +0200
From: Peter van Dijk <petervd@vuurwerk.nl>
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: traceroute using tcp to a port?
Message-ID: <20000919163619.K5422@vuurwerk.nl>
Mail-Followup-To: Peter van Dijk <petervd@vuurwerk.nl>,
	freebsd-hackers@FreeBSD.ORG
References: <00ac01c02218$7f91e080$0e00a8c0@neland.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00ac01c02218$7f91e080$0e00a8c0@neland.dk>; from leifn@neland.dk on Tue, Sep 19, 2000 at 11:00:57AM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Sep 19, 2000 at 11:00:57AM +0200, Leif Neland wrote:
> If I understand correctly, traceroute works by sending pings with ttl=1,
> ttl=2,ttl=3 etc and records the names of the routers where the ttl reaches
> zero.
> 
> However, an increasing number of sites believes in security by obscurity,
> and blocks for pings.

traceroute doesn't use pings. mtr does.

> Would the same technique work for making a telnet to port 80 with ttl=1,
> ttl=2 etc?

traceroute currently uses UDP in a similar way, and a SYN ping (like
nmap does) should be possible too, yes.

The problem is that those sites hinder traceroutes by blocking certain
kinds of *outgoing* ICMP traffic, and there's no way we can work around
that.

Greetz, Peter.
-- 
[ircoper]        petervd@vuurwerk.nl - Peter van Dijk / Hardbeat
[student]        Undernet:#groningen/wallops | IRCnet:/#alliance
[developer]      EFnet:#qmail              _____________
[disbeliever - the world is backwards]    (__VuurWerk__(--*-


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message