Re: hidden routers

[Radu Oprisan <radu () securesystems ro>]

Kristian Hermansen wrote:
> How common is it that a router does not decrement the TTL of packets,
> such that it is unable to be identified using traceroute?  Choosing
> not to decrement the TTL causes the next router to appear as the hop,
> but the current router to remain hidden.  How does one commonly
> identify such hidden routers in an automated fashion?  And is it
> policy for any organizations to actually do this, or only with certain
> packet types?
It is somewhat against tcp/ip policy. So you can't debug a connection 
like this properly but for security reasons, having a hidden router that 
shapes bandwidth or has an NIDS or something like this, you could come 
to the point where you need it. It may be policy for some organizations 
but for most it is not, maybe just a security freak's idea of having 
fun. You can't really discover it, to my knowledge.