BugTraq
0trace - traceroute on established connections Jan 06 2007 11:53PM
Michal Zalewski (lcamtuf dione ids pl) (4 replies)
Re: [Full-disclosure] 0trace - traceroute on established connections Jan 13 2007 11:49PM
Robert Å?wiÄ?cki (jagger swiecki net) (1 replies)
Re: [Full-disclosure] 0trace - traceroute on establishedconnections Jan 24 2007 09:51PM
Jon Oberheide (jon oberheide org)
Re: [Full-disclosure] 0trace - traceroute on established connections Jan 09 2007 08:03AM
Alessandro Dellavedova (alessandro dellavedova ifom-ieo-campus it) (2 replies)
Re: [Full-disclosure] 0trace - traceroute on established connections Jan 09 2007 11:11AM
Michal Zalewski (lcamtuf dione ids pl)
Re: [Full-disclosure] 0trace - traceroute on establishedconnections Jan 09 2007 08:21AM
Jon Oberheide (jon oberheide org)
Re: [DCC SPAM] 0trace - traceroute on established connections Jan 08 2007 08:09PM
Lance James (lancej securescience net)
Re: [Full-disclosure] 0trace - traceroute on established connections Jan 07 2007 12:58AM
Michal Zalewski (lcamtuf dione ids pl)
On Sun, 7 Jan 2007, Michal Zalewski wrote:

> [ Of course, I might be wrong, but Google seems to agree with my
> assessment. A related use of this idea is 'firewalk' by Schiffman and
> Goldsmith, a tool to probe firewall ACLs; another utility called
> 'tcptraceroute' by Michael C. Toren implements TCP SYN probes, but since
> the tool does not ride an existing connection, it is less likely to
> succeed (sometimes a handshake must be completed with the NAT device
> before any traffic is forwarded). ]

Erik Kamerling pointed off-the-list that everybody's favourite Dan
Kaminsky (www.doxpara.com) did some research on that subject, too; his
'paratrace' followed a similar principle, but relied on the party
correcting out-of-sync retransmissions. I found this approach to give poor
results in today's networks with overzealous commercial packet filters,
and hence, my tool implements an invasive approach where the current
session is trashed with in-sync data to solicit a high response rate.

Still, a credit is due!

Cheers,
/mz

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus