hiding routers

["Kristian Hermansen" <kristian.hermansen () gmail com>]

I brought this question up on another mailing list, but didn't get any
good answers...

How common is it that a router does not decrement the TTL of packets,
such that it is unable to be identified using traceroute?  Choosing
not to decrement the TTL causes the next router to appear as the hop,
but the current router to remain hidden.  How does one commonly
identify such hidden routers in an automated fashion?  And is it
policy for any organizations to actually do this, or only with certain
packet types?

The responses I got were along the lines of "don't do that, it breaks
tcp/ip and error conditions".  However, I am still interested in how
likely an organization is to try something like this for both
legitimate and illegitimate purposes.
-- 
Kristian Hermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/