Tracing Trace Route
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Tracing Trace Route

  1. #1

    Tracing Trace Route

    Hey,

    I was wondering if there was anyway to trace if your being trace routed. The only way i could think of is if you had some control over the way that you went to the host, and recorded all the ICMP packets that can your way......

    other than that i dunno

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    ummm, maybe its just because im tired, but you wanna know if you can trace someone who is trace routing you? if so im pretty sure you could, a port blocker or firewall would show them trying to trace you and you could trace the IP and tell there ISP, but if thats not what you mean could you maybe edit your post so its a lil more clear? iv always been against people saying "i wanna do stuff with this thingy how do i do it?" hehe

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    There are programs like fakeroute that can change the traceroute people do on you..

    other then that I dunno..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Where this came up was that me and a friend was talking about finding out if you were being trace routed, and then change the route or break it some how. We thought you would have to comprimise some sytems and break the route.......but were not really into that kinda thing so i was wondering if there were other ways to do it.

  5. #5
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    id reccommend a firewall or port blocker or both to you, some walls will actually tell you who and what is trying to trace you and block it. http://www.downloads.com is a good place to look at firewalls, not only can you download them you can read reviews.

  6. #6
    Member
    Join Date
    Dec 2001
    Posts
    87
    Or you could just use an anonymous proxy . Then the furthest they could trace you is to the proxy ip. If you use windows have a look at http://www.multiproxy.org/. They have a free program which will enable you to use anonymous proxies while browsing. Obviously this wont work on irc but hey its free

  7. #7
    K thnx for the posts ppl.
    Yeah was thinking about the proxy issue. You can use proxies while browsing by going into internet options and lan settings then proxy. And the same with IRC. Also a number of programs has forwarding with proxies.
    Im sure there are hundreads of proxy tut's out there, so i wont say much.

    But thnx again for the info, and ill try that fake route and report how it goes

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    Mupp3t,

    A Trace route is just a modified ping packet (ICMP ECHO_REQUEST). The trace route program sends a ping to your address with TTL (Time To Live) set to one. The device on the first hop receives the packet with the TTL of one, decrements it to zero and replies back to the sender with a "time exceeded". The Trace route program then examines the return packet to see what device is one hope away. A new ping packet is then generated with a TTL of 2 and sent on it's way to find the next hop.

    was wondering if there was anyway to trace if your being trace routed
    Monitor your ICMP traffic as you suggested and watch for ICMP ECHO_REQUEST's with a TTL of one. The default starting TTL on an ICMP packet is 255 so chances are anything with a TTL of one is probably a trace route.

    If you simply want to make sure that you can not be trace routed block all ICMP or ICMP ECHO_REQUEST traffic at your firewall and the "time exceeded" packet will not be returned.

    me and a friend was talking about finding out if you were being trace routed, and then change the route or break it some how.
    Now that you know what you are looking for you can send back modified "time exceeded" message with spoofed information about your location to the requester, but you can't change the rest of the route since it was reported back to the sender before the last packet got to your location.
    If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    You would not only have to drop incoming ICMP packets, but also UDP packets if the trace route is being performed by a *nix machine.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    your absolutly right SoggyBottom thats why devices like fakeroute (which take advantage of the unix udp packet) only work if the tracert comes from a *nix machine and are absolutly useless against a windows box.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •