Tracing Trace Route

[mupp3t]

Hey,

I was wondering if there was anyway to trace if your being trace routed. The only way i could think of is if you had some control over the way that you went to the host, and recorded all the ICMP packets that can your way......

other than that i dunno

[gore]

ummm, maybe its just because im tired, but you wanna know if you can trace someone who is trace routing you? if so im pretty sure you could, a port blocker or firewall would show them trying to trace you and you could trace the IP and tell there ISP, but if thats not what you mean could you maybe edit your post so its a lil more clear? iv always been against people saying "i wanna do stuff with this thingy how do i do it?" hehe

[the_JinX]

There are programs like fakeroute that can change the traceroute people do on you..

other then that I dunno..

[mupp3t]

Where this came up was that me and a friend was talking about finding out if you were being trace routed, and then change the route or break it some how. We thought you would have to comprimise some sytems and break the route.......but were not really into that kinda thing so i was wondering if there were other ways to do it.

[gore]

id reccommend a firewall or port blocker or both to you, some walls will actually tell you who and what is trying to trace you and block it. http://www.downloads.com is a good place to look at firewalls, not only can you download them you can read reviews.

[owensleftfoot]

Or you could just use an anonymous proxy . Then the furthest they could trace you is to the proxy ip. If you use windows have a look at http://www.multiproxy.org/. They have a free program which will enable you to use anonymous proxies while browsing. Obviously this wont work on irc but hey its free

[mupp3t]

K thnx for the posts ppl.
Yeah was thinking about the proxy issue. You can use proxies while browsing by going into internet options and lan settings then proxy. And the same with IRC. Also a number of programs has forwarding with proxies.
Im sure there are hundreads of proxy tut's out there, so i wont say much.

But thnx again for the info, and ill try that fake route and report how it goes

[magnoon]

Mupp3t,

A Trace route is just a modified ping packet (ICMP ECHO_REQUEST). The trace route program sends a ping to your address with TTL (Time To Live) set to one. The device on the first hop receives the packet with the TTL of one, decrements it to zero and replies back to the sender with a "time exceeded". The Trace route program then examines the return packet to see what device is one hope away. A new ping packet is then generated with a TTL of 2 and sent on it's way to find the next hop.

was wondering if there was anyway to trace if your being trace routed

Monitor your ICMP traffic as you suggested and watch for ICMP ECHO_REQUEST's with a TTL of one. The default starting TTL on an ICMP packet is 255 so chances are anything with a TTL of one is probably a trace route.

If you simply want to make sure that you can not be trace routed block all ICMP or ICMP ECHO_REQUEST traffic at your firewall and the "time exceeded" packet will not be returned.

me and a friend was talking about finding out if you were being trace routed, and then change the route or break it some how.

Now that you know what you are looking for you can send back modified "time exceeded" message with spoofed information about your location to the requester, but you can't change the rest of the route since it was reported back to the sender before the last packet got to your location.

[SoggyBottom]

You would not only have to drop incoming ICMP packets, but also UDP packets if the trace route is being performed by a *nix machine.

[Tedob1]

your absolutly right SoggyBottom thats why devices like fakeroute (which take advantage of the unix udp packet) only work if the tracert comes from a *nix machine and are absolutly useless against a windows box.