Penetration Testing mailing list archives

Re: Traceroutes to Cisco Routers

From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Tue, 8 Jun 2004 12:49:32 -0700

* Dieter Sarrazyn (dsr () ascure com) wrote:

Hi all,

While performing pentests, I noticed some (strange) behaviour with
tracerouting to cisco routers.

Performing the trace with udp packets (default on linux), the router
answers with it's ip address of the interface closest to you (external
interface of the router).
Performing traces with icmp (-I flag in linux, default in windows), the
router answers with it's ip address that you are tracing to (mostlikely
the internal interface of the router).

Anybody noticed this behaviour as well?
Has somebody an explanation for this?

Regards,
Dieter


never tried it or noticed it but it sounds like the udp ping is being routed
in a standard manner, while the icmp response code path is short-circuited
and "switched" rather than routed, if you get my meaning.

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely those of
the author. The message contents have not been reviewed or approved by Zultys.

Current thread:

Traceroutes to Cisco Routers Dieter Sarrazyn (Jun 07)
- Re: Traceroutes to Cisco Routers Ranjeet Shetye (Jun 09)
- Re: Traceroutes to Cisco Routers James Fields (Jun 10)
- Re: Traceroutes to Cisco Routers Frank Knobbe (Jun 10)
- <Possible follow-ups>
- Re: Traceroutes to Cisco Routers juan . losada (Jun 10)