Michael C. Toren on 21 Oct 2005 18:16:50 -0000


Re: [tcptra-dev] Where to get libnet?

On Thu, Oct 20, 2005 at 08:33:50PM -0600, Brian Hawkins wrote:
> Hopefully this is not quite as dumb of a question.  If you do get an ack
> back from your syn packet what does tcptraceroute do?

As Jon said, this indicates to tcptraceroute both that the port is open,
and also that the TTL of the probe packet was large enough such that our
probe made it all the way to the destination.  Outside of tcptraceroute,
the kernel of the machine tcptraceroute is running on will see a seemingly
random ACK which does not match an existing entry in its state table, and
will in turn respond with an RST.  But, this largely doesn't concern us.

> Secondly have there been any security issues brought up about using tcp
> for trace routes?

I'm not entirely sure what it is you're asking.  Are you asking if there
have been any security concerns using the traceroute technique that
tcptraceroute implements?  Not that I'm aware of, other than the fact that
by using TCP probe packets tcptraceroute is able to trace through many
common firewalls.  Or, are you asking if there have been any security
problems in tcptraceroute itself, given that it runs SUID root?  The only
item which has been brought to my attention is that previous versions of
tcptraceroute did not drop root privileges properly after the raw socket
was opened, which could have been a problem if an additional bug was
discovered at a point later in the code, but to my knowledge none has been


perl -e'$u="\4\5\6";sub H{8*($_[1]%79)+($_[0]%8)}sub G{vec$u,H(@_),1}sub S{vec
($n,H(@_),1)=$_[2]}$_=q^{P`clear`;for$iX){PG($iY)?"O":" "forX8);P"\n"}for$iX){
forX8){$c=scalar grep{G@$_}[$i-1Y-1Z-1YZ-1Y+1ZY-1ZY+1Z+1Y-1Z+1YZ+1Y+1];S$iY,G(
/,\$_/xg;s/X/(0..7/g;s/P/print+/g;eval' #     Michael C. Toren <mct@toren.net>

tcptraceroute-dev mailing list
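
The privilege drop discussed in the message above, as an added example that is not part of the original post and is not tcptraceroute's own code: a set-uid root program opens its raw socket, then gives up root permanently and verifies that root cannot be regained. The function names `drop_privileges` and `open_probe_socket` are hypothetical.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently give up set-uid root. Returns 0 on success, -1 on failure.
 * (Hypothetical helper written for this example.) */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the invoking user in a set-uid binary */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change gids. */
    if (setgid(rgid) != 0) return -1;
    /* With euid 0, setuid() sets the real, effective AND saved uid.
     * seteuid() here would leave the saved uid at 0 and be reversible. */
    if (setuid(ruid) != 0) return -1;

    /* Verify the drop: regaining root must now fail. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Open the raw socket (the only step that needs root), then drop root
 * whether or not the socket could be opened. Returns the fd or -1. */
int open_probe_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        exit(EXIT_FAILURE);
    }
    return fd;
}

int main(void)
{
    int fd = open_probe_socket();
    printf("raw socket: %s, uid=%d euid=%d\n",
           fd >= 0 ? "open" : "unavailable", (int)getuid(), (int)geteuid());
    if (fd >= 0) close(fd);
    return 0;
}
```

Checking every return value matters here: a failed `setuid()` that goes unnoticed leaves the rest of the program running as root.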