Penetration Testing mailing list archives

hopfake question.


From: Jorge Alfredo Garcia <frederix () gmail com>
Date: Fri, 16 Sep 2005 14:22:47 -0300

I'm trying hopfake by xenion to do some testing on traceroute.
I'm having some problems testing the code from different locations. For
example, a traceroute from my own country against an IP in my country
works fine:

C:\>tracert 200.125.36.216

Traza a la dirección r200-125-36-216-dialup.adsl.anteldata.net.uy [200.125.36.216]
sobre un máximo de 30 saltos:

 1    18 ms    19 ms    19 ms  agu2bras1.antel.net.uy [200.40.0.67]
 2    47 ms    50 ms    47 ms  spider.ncts.navy.mil [138.147.50.5]
 3    44 ms    49 ms    52 ms  www.army.mil [140.183.234.10]
 4    51 ms    49 ms    49 ms  darpademo1.darpa.mil [192.5.18.104]
 5    47 ms    49 ms    49 ms  iso.darpa.mil [192.5.18.105]
 6    43 ms    53 ms    49 ms  ws18-106.darpa.mil [192.5.18.106]
 7    47 ms    49 ms    49 ms  dtsn.darpa.mil [192.5.18.107]
 8    47 ms    49 ms    49 ms  daml.darpa.mil [192.5.18.108]
 9    47 ms    49 ms    49 ms  border.hcn.hq.nasa.gov [198.116.142.1]
 10  198.116.142.34  informes: Red de destino inaccesible.

Traza completa.

Those addresses are fake ones, using the technique of sending different
ICMP packets with the last one.


C:\>

But a tracert from Spain to Uruguay doesn't seem to work properly:

[root@ns20303 dark]# traceroute 200.125.34.234
traceroute to 200.125.34.234 (200.125.34.234), 30 hops max, 38 byte packets
 1  p19-11-m1.routers.ovh.net (213.251.133.253)  0.737 ms  0.717 ms  0.814 ms
 2  p19-7-6k.routers.ovh.net (213.186.32.65)  0.379 ms  0.337 ms  0.486 ms
 3  th2-1-6k.routers.ovh.net (213.186.32.4)  1.037 ms  0.622 ms  0.722 ms
 4  th2-1-6k.routers.ovh.net (213.186.32.250)  0.764 ms  0.802 ms  0.701 ms
 5  ge-0-0-0-4.r00.parsfr01.fr.bb.verio.net (81.25.193.166)  0.962 ms  0.940 ms  0.931 ms
 6  p4-1-1-2.r21.londen03.uk.bb.verio.net (129.250.2.87)  8.015 ms  8.044 ms  8.036 ms
 7  p16-0-0-0.r80.nycmny01.us.bb.verio.net (129.250.5.91)  81.659 ms  81.680 ms  81.899 ms
 8  p16-0-1-3.r21.nycmny01.us.bb.verio.net (129.250.2.170)  81.689 ms  81.785 ms  81.878 ms
 9  p16-7-0-0.r04.nycmny01.us.bb.verio.net (129.250.3.49)  81.474 ms  81.417 ms  81.443 ms
10  p4-0.uunet.nycmny01.us.bb.verio.net (129.250.9.166)  81.791 ms  81.727 ms  81.665 ms
11  0.so-6-0-0.XL1.NYC9.ALTER.NET (152.63.18.226)  81.826 ms  81.692 ms  81.726 ms
12  0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189)  113.491 ms  113.294 ms  113.147 ms
13  POS6-0.GW4.MIA4.ALTER.NET (152.63.82.141)  113.110 ms  112.967 ms  113.067 ms
14  antel-gw.customer.alter.net (157.130.83.138)  257.014 ms  257.841 ms  257.590 ms
15  icoreagu1-backb.antel.net.uy (200.40.0.15)  256.189 ms  256.480 ms  256.288 ms
16  gaguada-h-adinet.antel.net.uy (200.40.0.135)  262.947 ms  260.733 ms  261.747 ms
17  agu2bras1-acc.antel.net.uy (200.40.18.65)  258.974 ms  259.006 ms  262.406 ms
18  * * *
19  * * *
20  * * *
21  * * *
22  r200-125-34-234-dialup.adsl.anteldata.net.uy (200.125.34.234)  283.199 ms  290.822 ms  288.108 ms
[root@ns20303 dark]#

As you can see, the fake hops do not appear on the attacker's host.
I tested a lot, and in the majority of cases it seems it doesn't work.
Please, I want to know why this problem occurs and if there is a
possibility to fix it.
Thanks in advance.
jorge.
