nanog mailing list archives

Re: Reverse Traceroute


From: Saku Ytti <saku () ytti fi>
Date: Mon, 27 Feb 2023 15:36:55 +0200

On Mon, 27 Feb 2023 at 10:16, Rolf Winter <rolf.winter () hs-augsburg de> wrote:

> "https://downforeveryoneorjustme.com/". But, somebody might use your
> server for this. How do people feel about this? Restrict the reverse
> traceroute operation to be done back to the source or allow it more
> freely to go anywhere?

What are the pros and cons of this? Let's call it destination TLV.

If I am someone who wants to do a volumetric attack, I won't set any
destination TLV, because without a destination TLV and by spoofing my
source, I get more leverage. If my source and destination TLV differ,
then I have less leverage. So in this sense, it adds no security
implications, but adds a massive amount of diagnostic power, as one
very common request is to ask for a traceroute between nodes you have no
access to.

What it would allow is port knocking the ports used through a proxy;
whether this matters or not might be debatable.

Perhaps the standard should consider some abilities to be default-on
and others default-off, and let the operator decide if they want to
turn some default-off abilities on, such as honoring the destination TLV.

-- 
  ++ytti
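The "default-on / default-off, operator can enable" gate proposed in the message above, sketched as an added example. This is not code from the reverse traceroute draft or from any implementation discussed in the thread; the capability names, the request fields, the policy layout and the choice to refuse (rather than silently ignore) an unhonored destination TLV are all assumptions made for this illustration. A TLV that names the requester itself is treated as the plain trace-to-source case, since it adds no leverage beyond what a spoofed source already gets.

```python
"""Capability gating for a reverse-traceroute responder (added example).

Not code from the reverse traceroute draft or any implementation; the
capability names, request fields and policy layout are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Optional

# Hypothetical capability registry: which operations exist and whether
# they are on by default. Tracing toward an arbitrary destination TLV is
# the one the message suggests shipping default-off.
DEFAULT_CAPABILITIES = {
    "trace_to_source": True,
    "honor_destination_tlv": False,
}


@dataclass
class ResponderPolicy:
    """Operator configuration: only explicit overrides differ from defaults."""
    overrides: dict = field(default_factory=dict)

    def enabled(self, capability: str) -> bool:
        if capability not in DEFAULT_CAPABILITIES:
            raise KeyError(f"unknown capability: {capability}")
        return bool(self.overrides.get(capability, DEFAULT_CAPABILITIES[capability]))


@dataclass
class Request:
    """Request fields relevant to the gate (assumed, not the draft's wire format)."""
    source: str                            # IP source of the request; may be spoofed
    destination_tlv: Optional[str] = None  # optional requested trace target


@dataclass
class Decision:
    target: Optional[str]  # address to trace toward, or None if refused
    reason: str


def _parse(addr: str) -> Optional[str]:
    """Normalize an IPv4/IPv6 literal, or return None if it is not one."""
    try:
        return str(ip_address(addr))
    except ValueError:
        return None


def select_target(req: Request, policy: ResponderPolicy) -> Decision:
    """Decide where (if anywhere) to run the reverse traceroute for a request."""
    source = _parse(req.source)
    if source is None:
        return Decision(None, "unparseable source address")

    # No destination TLV, or a TLV naming the requester itself: this is the
    # plain "trace back to the source" case and needs no extra capability.
    if req.destination_tlv is None or _parse(req.destination_tlv) == source:
        if not policy.enabled("trace_to_source"):
            return Decision(None, "trace_to_source disabled by operator")
        return Decision(source, "tracing back to request source")

    # A TLV naming a third party is only honored when the operator opted in.
    target = _parse(req.destination_tlv)
    if target is None:
        return Decision(None, "unparseable destination TLV")
    if not policy.enabled("honor_destination_tlv"):
        return Decision(None, "destination TLV present but not honored (default off)")
    return Decision(target, "tracing toward operator-permitted destination TLV")


if __name__ == "__main__":
    # Constructed sample requests (documentation-range addresses).
    defaults = ResponderPolicy()
    opened = ResponderPolicy({"honor_destination_tlv": True})
    print(select_target(Request("192.0.2.10"), defaults))
    print(select_target(Request("192.0.2.10", "198.51.100.7"), defaults))
    print(select_target(Request("192.0.2.10", "198.51.100.7"), opened))
```

With the default policy a request carrying a third-party destination TLV is refused with a reason string the responder can log, while the same request is served once the operator flips `honor_destination_tlv` on; a TLV equal to the (possibly spoofed) source is handled exactly like a request with no TLV.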

