Nmap Development mailing list archives

Neat traceroute news -- 0trace and nmap --traceroute


From: Fyodor <fyodor () insecure org>
Date: Thu, 11 Jan 2007 00:04:01 -0800

Some people may consider IP traceroute to be "old, boring 80's
technology", but the last couple of days have shown there is still
room for innovation in both the techniques and implementation!

Yesterday we were treated to Eddie's updated patch for adding
advanced traceroute support to Nmap:

http://seclists.org/nmap-dev/2007/q1/0024.html

A much longer description of how it works can be seen in an earlier
release posting:

http://seclists.org/nmap-dev/2006/q3/0285.html

But don't use the old code from that Q306 release.  Anyone who tries
it out should send their comments to this list.  I'm hoping to play
with it a bit and hopefully integrate it very soon.

Meanwhile, today saw the publication of a new traceroute tool named
0trace by always-innovative Michal Zalewski.  His proof-of-concept
tool allows for creation of a connection to a protected server
(e.g. to a web site behind a DMZ) and then piggy-backs on that
connection to get traceroute packets through the firewall.  This
apparently works better than plain SYN packets in some cases.  Michal
gives a slick example using eBay in his posting:

http://seclists.org/bugtraq/2007/Jan/0176.html

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

