From owner-freebsd-hackers Tue Sep 19 7:43: 0 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from itesec.hsc.fr (itesec.hsc.fr [192.70.106.33]) by hub.freebsd.org (Postfix) with ESMTP id B0CD837B422 for ; Tue, 19 Sep 2000 07:42:50 -0700 (PDT) Received: from ogoun.hsc.fr (ogoun.hsc.fr [192.70.106.75]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "ogoun.hsc.fr", Issuer CN "HSC CA" (verified OK)) by itesec.hsc.fr (Postfix) with ESMTP id C77F410E04 for ; Tue, 19 Sep 2000 16:42:49 +0200 (CEST) Received: by ogoun.hsc.fr (Postfix, from userid 1000) id 472AF9D411; Tue, 19 Sep 2000 16:42:16 +0200 (CEST) Date: Tue, 19 Sep 2000 16:42:16 +0200 From: Yann Berthier To: freebsd-hackers@FreeBSD.ORG Subject: Re: traceroute using tcp to a port? Message-ID: <20000919164216.J65102@hsc.fr> References: <00ac01c02218$7f91e080$0e00a8c0@neland.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00ac01c02218$7f91e080$0e00a8c0@neland.dk>; from leifn@neland.dk on Tue, Sep 19, 2000 at 11:00:57AM +0200 X-Organization: Herve Schauer Consultants X-Operating-System: FreeBSD 5.0-CURRENT Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 19 Sep 2000, Leif Neland wrote: > If I understand correctly, traceroute works by sending pings with ttl=1, > ttl=2,ttl=3 etc and records the names of the routers where the ttl reaches > zero. > > However, an increasing number of sites believes in security by obscurity, > and blocks for pings. > > Would the same technique work for making a telnet to port 80 with ttl=1, > ttl=2 etc? > > Leif Of course it works, and very well. You should try hping (http://www.kyuzz.org/antirez/hping/) which is a _very cool_ tool developped by Antirez. With it you could do (among many things) traceroute over tcp. regards, -- Yann BERTHIER Yann.Berthier@hsc.fr Network Security Consultant Herve Schauer Consultant To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message