Security Basics mailing list archives
Re: hidden routers
From: "Alex Nedelcu" <alexpheno () gmail com>
Date: Thu, 19 Apr 2007 00:12:57 +0300
It's unlikely for an RFC compliant router to behave as you described; there are cases, though, where it's useful or even necessary to implement such a thing. I've seen cases where a service provider enforces the use of a single terminal (computer or other equipment with no routing logic) for certain internet services. This is done by setting the TTL value on the provider's edge router to 1, thus if the client wants to redistribute that internet to other computers (NAT), during the routing process the TTL would reach 0, preventing the NATed hosts from seeing the returning traffic from the internet. This is a situation where keeping a value of 1 or resetting that field would be necessary.

I know that it's probably not your case, but routers that process traffic traversing Layer 2 and Layer 3 VPNs also do not decrease the TTL of the encapsulated packet; for the endpoints participating in the communication, the only routers that would be visible with a traceroute would be the ones that were traversed prior to the local encapsulation and after decapsulation at the remote location.

The routers you speak of could also be set in bridging mode; in this situation they would not be reachable at Layer 3.

The last scenario that comes to mind is that all the routers do decrement the TTL, but not all ICMP Time Exceeded packets reach you due to filtering or network congestion.
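The scenarios above (provider-side TTL=1, tunnelled traffic whose inner TTL is left alone, hops in bridging mode, and filtered ICMP Time Exceeded replies) as an added simulation; this is not code from the post or its author, and the hop names, path layout and the `PROVIDER_EDGE_TTL` setting are constructed for illustration:

```python
"""Simulate TTL handling along a path to show why hops can be invisible
to traceroute. Added example; hop names and the path are constructed."""
from dataclasses import dataclass


@dataclass
class Hop:
    name: str
    decrements_ttl: bool = True          # False: bridge, or forwarder of tunnelled packets
    replies_time_exceeded: bool = True   # False: ICMP Time Exceeded is filtered here


def forward(ttl, path):
    """Carry a packet with initial `ttl` across `path`.
    Returns (delivered, hop_that_dropped_it_or_None)."""
    for hop in path:
        if hop.decrements_ttl:
            ttl -= 1
            if ttl <= 0:              # RFC 1812: discard when the TTL hits zero
                return False, hop
    return True, None


def traceroute(path, max_ttl=30):
    """Hop names a traceroute would print; '*' where no reply comes back."""
    seen = []
    for ttl in range(1, max_ttl + 1):
        delivered, dropped_at = forward(ttl, path)
        if delivered:
            break
        seen.append(dropped_at.name if dropped_at.replies_time_exceeded else "*")
    return seen


# Scenario 1: the provider's edge rewrites the TTL of downstream traffic to 1.
PROVIDER_EDGE_TTL = 1
DIRECT_TERMINAL = []                      # single terminal on the edge router's port
BEHIND_NAT = [Hop("home-nat-router")]     # customer inserted a NAT router

# Scenarios 2-4: tunnel transit (inner TTL untouched, "pipe" model), a bridge with
# no Layer 3 presence, and a router that silently drops expired probes.
PATH = [
    Hop("isp-edge"),
    Hop("core-1"),
    Hop("vpn-transit", decrements_ttl=False),
    Hop("l2-bridge", decrements_ttl=False),
    Hop("core-2", replies_time_exceeded=False),
    Hop("remote-edge"),
]

if __name__ == "__main__":
    print(forward(PROVIDER_EDGE_TTL, DIRECT_TERMINAL))   # (True, None)
    print(forward(PROVIDER_EDGE_TTL, BEHIND_NAT))        # dropped at home-nat-router
    print(traceroute(PATH))   # ['isp-edge', 'core-1', '*', 'remote-edge']
```

The traceroute output lists four entries for a six-hop path: the tunnel transit and the bridge never appear, and the filtering router shows only as `*`.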
Current thread:
- hidden routers Kristian Hermansen (Apr 17)
- Re: hidden routers Radu Oprisan (Apr 18)
- Re: hidden routers Alex Nedelcu (Apr 18)
- Re: hidden routers Max Vohra (Apr 18)
- Re: hidden routers Radu Oprisan (Apr 18)