Security Basics mailing list archives

Re: Weird trace route output

From: Max Vohra <randomman.list () gmail com>
Date: Tue, 17 Apr 2007 00:07:57 -0700

On Mon, 16 Apr 2007 11:42:44 +0530
Pranay Kanwar <warl0ck () metaeye org> wrote:

Appearance of private addresses in `traceroute` just
shows how system administrators have mis configured
their system. The route will work perfectly fine
but might be difficult to troubleshoot.

For example here on my system i receive no response from
192.168.107.133 cause our firewall blocks any packet
that comes in from private address space.


Regards,

warl0ck // MSG
http://www.metaeye.org


Showing all of the IP addresses along the way, regardless of if their private or not is much better than blocking them, 
for the purpose of network diagnostics (which is the intent of traceroute, right?). If you see a public IP hop, three 
lines of stars, then a another public IP, then you can tell that it likely went through 3 machines good luck finding 
out which ones were increasing the latency (Maybe use 0trace?), and the Sysadmins on the other line would be more 
likely to tell you to FOAD. If you told them that 192.168.123.31 in their network had an increased latency, it helps 
both the SA and the user find out what's going on and fix the problem.

-- 
Max Vohra <RandomMan.List () gmail com>

Current thread:

Weird trace route output Jody Riding (Apr 15)
- RE: Weird trace route output David Gillett (Apr 16)
- Re: Weird trace route output Alex Nedelcu (Apr 16)
- Re: Weird trace route output Scott Pack (Apr 16)
- Re: Weird trace route output Pranay Kanwar (Apr 16)
  - Re: Weird trace route output Max Vohra (Apr 17)
    - RE: Weird trace route output David Gillett (Apr 17)
  - Re[2]: Weird trace route output Thierry Zoller (Apr 17)
    - Re: Weird trace route output Pranay Kanwar (Apr 17)
- <Possible follow-ups>
- Re: Weird trace route output notmyemail (Apr 16)