Penetration Testing mailing list archives

RE: Traceroute question

From: Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>
Date: Fri, 29 Dec 2006 10:13:09 -0600

Hi there.

I've seen this scenario under Firewall implementations and NAT/PAT usage,
not just on Cisco, but other vendors as well. I'm not entirely sure, but my
thoughts are that either the host and the NATing device both replies with
the same IP: the one known to the world... And the Firewall is not dropping
correctly outside connections.

Regards.

OA.

-----Original Message-----
From: listbounce () securityfocus com
To: Becky Nelson; pen-test () securityfocus com
Sent: 12/28/2006 6:20 PM
Subject: re: Traceroute question

From: listbounce () securityfocus com on behalf of Becky Nelson
Sent: Wed 12/27/2006 8:36 PM
To: pen-test () securityfocus com

I am running a traceroute and have two hops that report the same
address.  Could someone please explain what would cause this?  I
suspect that this is some type of firewall?

Regards,

Ralf


Becky...err Ralf,
 
Possibly load balanced network(s) in between you and
the traced destination.

Current thread:

Traceroute question Becky Nelson (Dec 27)
- Re: Traceroute question Marcelo Caceres (Dec 28)
- Re: Traceroute question sami ghourabi (Dec 28)
- RE: Traceroute question Tal Argoni (Dec 28)
- Re: Traceroute question Rob Sherwood (Dec 28)
- RE Traceroute question Francois Labreque (Dec 28)
  - Re: RE Traceroute question Datta Vaidya (Dec 29)
- re: Traceroute question Robert MacDonald (Dec 28)
- Re: Traceroute question Cedric Blancher (Dec 29)
- <Possible follow-ups>
- RE: Traceroute question Omar Salvador Alcalá Ruiz (Dec 29)