Brian Hawkins on 22 Oct 2005 11:59:17 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [tcptra-dev] Where to get libnet?

I'm intending on using tcptraceroute to do some mapping of the internet for a class I'm taking and I don't want my activity to be seen as an attack on a server. There are a few known SYN attacks were the attacker tries to fill up the servers connections, but if what you say is true and the computer running tcptraceroute sends back an RST this should not be a problem.


Michael C. Toren wrote:

On Thu, Oct 20, 2005 at 08:33:50PM -0600, Brian Hawkins wrote:

Hopefully this is not quite as dumb of a question. If you do get an ack
back from your syn packet what does tcptraceroute do?

As Jon said, this indicates to tcptraceroute both that the port is open, and also that the TTL of the probe packet was large enough such that our probe made it all the way to the destination. Outside of tcptraceroute, the kernel of the machine tcptraceroute is running on will see a seemingly random ACK which does not match an existing entry in its state table, and will in turn respond with an RST. But, this largely doesn't concern us.

Secondly have there been any security issues brought up about using tcp
for trace routes?

I'm not entirely sure what it is you're asking. Are you asking if there have there been any security concerns using the traceroute technique that tcptraceroute implements? Not that I'm aware of, other than the fact that by using TCP probe packets tcptraceroute is able to trace through many common firewalls. Or, are you asking if there have been any security problems in tcptraceroute itself, given that it runs SUID root? The only item which has been brought to my attention is that previous versions of tcptraceroute did not drop root privileges properly after the raw socket was opened, which could have have been a problem if an additional bug was discovered at a point later in the code, but to my knowledge none has been found.


tcptraceroute-dev mailing list