[3807] in North American Network Operators' Group
Re: Access to the Internic Blocked -- LSRR, traceroute with ICMP
daemon@ATHENA.MIT.EDU (Ehud Gavron)
Thu Aug 22 03:19:48 1996
Date: Wed, 21 Aug 1996 23:59:58 -0700 (MST)
From: Ehud Gavron <GAVRON@ACES.COM>
In-reply-to: Your message dated "Thu, 22 Aug 1996 00:38:17 -0500 (CDT)"
<Pine.GSO.3.94.960822003435.9967N-100000@staff1.texas.net>
To: Edward Henigin <ed@texas.net>
Cc: Vadim Antonov <avg@quake.net>, nanog@merit.edu, GAVRON@ACES.COM
> Speaking of which, is anyone going to implement traceroute
>for UNIX which uses icmp echo requests, instead of (semi-)random
>udp packets, as the ammo? This is one way which I think Microsoft
>outdid the old UNIX implementations.
They're not semi (or quasi) random udp packets. They're sequential
packets.

Secondly, current router vendors' decisions to prioritize ICMP echo
request as dung-level packets means that traceroute's UDP packets
actually get through at times when pings don't.

Third, I'd be happy to implement it... but I'm not sure this would
be a win. I can see the loss (see paragraph 2), but WHAT is the
big win???

E

p.s. The original question was based on Vadim's rhetorical query
as to router vendors. Learn to differentiate between WISHFUL
THINKING and routing reality. When router vendors pledge to
not drop, and properly route lsrr icmp echo request/reply
that code will be online within 24 hours.
> The combination of the above and the below would give us
>the usefulness we want and the security we want. (I don't think
>the below would work with Van Jacobson's traceroute 1.2)
>On Wed, 21 Aug 1996, Vadim Antonov wrote:
>> By itself, LSRR is a godsend to hackers (I can think of about
>> a dozen very nasty attacks using general LSRR). The only
>> useful application for it is traceroute.
>>
>> Why don't router vendors provide an option to turn it
>> off for everything but ICMP ECHO?
>>
>> --vadim
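
The filtering policy proposed in the quoted message (source routing refused for everything except ICMP echo), written out as a packet classifier. This is an added example, not part of the thread and not any router vendor's code. Assumptions: the function names, treating echo reply like echo request, failing closed on malformed options and non-first fragments, and the constructed sample packets (documentation addresses, zero checksum).

```python
import struct

LSRR, SSRR = 0x83, 0x89                  # IPv4 source-route option types (RFC 791)
ICMP, ECHO_REPLY, ECHO_REQUEST = 1, 0, 8

def source_route_options(pkt: bytes) -> list:
    """Walk the IPv4 options area and return any LSRR/SSRR option types found."""
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    found, i = [], 20
    while i < ihl:
        opt = pkt[i]
        if opt == 0:                     # End of Option List
            break
        if opt == 1:                     # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("malformed option")
        if opt in (LSRR, SSRR):
            found.append(opt)
        i += pkt[i + 1]
    return found

def verdict(pkt: bytes) -> str:
    """Return 'forward' or 'drop' under the policy proposed in the thread."""
    try:
        routed = source_route_options(pkt)
    except (ValueError, IndexError):
        return "drop"                    # unparseable options: fail closed (assumption)
    if not routed:
        return "forward"                 # e.g. an ordinary UDP traceroute probe
    ihl = (pkt[0] & 0x0F) * 4
    first_fragment = (struct.unpack("!H", pkt[6:8])[0] & 0x1FFF) == 0
    is_echo = (pkt[9] == ICMP and first_fragment and len(pkt) > ihl
               and pkt[ihl] in (ECHO_REQUEST, ECHO_REPLY))
    return "forward" if is_echo else "drop"

def build(proto: int, options: bytes, payload: bytes) -> bytes:
    """Constructed sample packet for the demo; checksum left as zero."""
    options += b"\x00" * (-len(options) % 4)
    total = 20 + len(options) + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0, total,
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

LSRR_OPT = bytes([LSRR, 7, 4, 203, 0, 113, 9])        # constructed: one hop, pointer = 4
ECHO = bytes([ECHO_REQUEST, 0, 0, 0, 0, 1, 0, 1])     # constructed ICMP echo request header
UDP_PROBE = struct.pack("!HHHH", 40000, 33434, 8, 0)  # constructed UDP header
```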