Bugtraq mailing list archives
Re: RotoRouter 1.0 - Traceroute log & fake
From: vadim () TVERSU RU (Vadim Kolontsov)
Date: Wed, 12 Aug 1998 10:03:58 +0400
Hi, On Tue, Aug 11, 1998 at 08:48:09PM -0400, #include <gerbil.h> wrote: [RotoRouter] Some time ago I've wrote a similar utility. From http://sb.123.org/tdetect.html --------------------------- cut here ---------------------- Traceroute Detector If you're interested to detect all attempts to make "traceroute your-host" or "traceroute host.your-network", you can try to use this simple program. The idea is simple - to detect UDP (Unix traceroute) or ICMP ECHO (Windows traceroute) packets with TTL fields == 1. Program was developed under FreeBSD 2.2.2 using Berekeley Packet Filter library, currently supports only loopback and ethernet interfaces (it's easy to add SLIP/FDDI). It's possible to port it to other systems (don't forget to send me diffs ;). Remember - it's not a completed product, just a couple of C-files to demonstrate the idea. An example of output: Traceroute Detector active on fxp0 UDP-based traceroute attempt to 10.0.0.20 from 10.10.30.45 ICMP-based traceroute attempt to 10.0.0.1 from 10.10.30.48 First one is probably UNIX box, and the second one is Windows (or Unix traceroute with "-I" option) --------------------------- cut here ---------------------- You can download it from that page. Regards, V. -- Vadim Kolontsov Tver Internet Center NOC
Current thread:
- Yet another DOS/Exploit in ICQ??????, (continued)
- Yet another DOS/Exploit in ICQ?????? Arnvid L. Karstad (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Brett Lymn (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Kari E. Hurtta (Aug 12)
- Re: Apache DoS Attack Dag-Erling Coidan Smørgrav (Aug 12)
- Microsoft Security Bulletin (MS98-008) Aleph One (Aug 12)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Aug 12)
- Netscape Exploit? Mozilla? Crispin Cowan (Aug 11)
- FW: CERT Advisory CA-98.10 - mime_buffer_overflows Patrick Oonk (Aug 11)
- Re: FW: CERT Advisory CA-98.10 - mime_buffer_overflows (VU#5648) John D. Hardin (Aug 11)
- RotoRouter 1.0 - Traceroute log & fake #include (Aug 11)
- Re: RotoRouter 1.0 - Traceroute log & fake Vadim Kolontsov (Aug 11)