Re: Reverse Traceroute

[Rolf Winter <rolf.winter () hs-augsburg de>]

Am 27.02.23 um 01:35 schrieb Grant Taylor via NANOG:
> On 2/25/23 3:09 AM, Tore Anderson wrote:
> > I suggest you get in touch with the fine folks at NLNOG RING and ask it
> > they would be interested in setting this up on the 600+ RING nodes all
> > over the world. See https://ring.nlnog.net/.
>
> Similarly you might reach out to RIPE and inquire if they are interested 
> in adding this functionality to their Atlas Probes et al.


RIPE Atlas is a bit "different" in that you need credits to trigger 
something on Atlas. And Atlas already implements traceroute, incl. Paris 
Traceroute. That means, in fact (if you have credits) you can already 
reverse traceroute from an Atlas Probe to yourself (and other places on 
the internet).

But, you are raising in interesting point, which we have thought about 
but dismissed. But feedback from the operational community on this would 
be valuable. Our reverse traceroute currently restricts the server to 
trace back to the issuing client. We did this for security reasons. The 
question was "why should anybody on the internet be able to do a 
traceroute from my server to a destination of choice?". Lifting this 
restriction would allow a functionality similar to 
"https://downforeveryoneorjustme.com/";. But, somebody might use your 
server for this. How do people feel about this? Restrict the reverse 
traceroute operation to be done back to the source or allow it more 
freely to go anywhere?

Best,

Rolf

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature