[7628] in bugtraq
Re: RotoRouter 1.0 - Traceroute log & fake
daemon@ATHENA.MIT.EDU (Vadim Kolontsov)
Wed Aug 12 15:48:20 1998
Date: Wed, 12 Aug 1998 10:03:58 +0400
Reply-To: Vadim Kolontsov <vadim@TVERSU.RU>
From: Vadim Kolontsov <vadim@TVERSU.RU>
X-To: "#include <gerbil.h>" <humble@HUMBLE.GERBIL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.4.02.9808111917370.3840-101000@humble.gerbil.com>; from
#include <gerbil.h> on Tue, Aug 11, 1998 at 08:48:09PM -0400
Hi,
On Tue, Aug 11, 1998 at 08:48:09PM -0400, #include <gerbil.h> wrote:
[RotoRouter]
Some time ago I wrote a similar utility.
From http://sb.123.org/tdetect.html
--------------------------- cut here ----------------------
Traceroute Detector
If you're interested in detecting all attempts to make "traceroute your-host"
or "traceroute host.your-network", you can try to use this simple program.
The idea is simple - to detect UDP (Unix traceroute) or ICMP ECHO (Windows
traceroute) packets with the TTL field == 1.
The program was developed under FreeBSD 2.2.2 using the Berkeley Packet Filter
library and currently supports only loopback and ethernet interfaces (it's
easy to add SLIP/FDDI). It's possible to port it to other systems (don't
forget to send me diffs ;). Remember - it's not a completed product, just a
couple of C files to demonstrate the idea.
An example of output:
Traceroute Detector active on fxp0
UDP-based traceroute attempt to 10.0.0.20 from 10.10.30.45
ICMP-based traceroute attempt to 10.0.0.1 from 10.10.30.48
The first one is probably a UNIX box, and the second one is Windows (or Unix
traceroute with the "-I" option)
--------------------------- cut here ----------------------
You can download it from that page.
Regards,
V.
--
Vadim Kolontsov
Tver Internet Center NOC
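
The check described in the message (UDP or ICMP ECHO arriving with TTL == 1), as an added C example that is not part of the original post and is not the tdetect source. The names `classify_frame` and `make_frame` are hypothetical, the frames are constructed, and skipping multicast destinations is an assumption added here because multicast datagrams are sent with TTL 1 by default.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum probe { PROBE_NONE, PROBE_UDP, PROBE_ICMP };

/* Classify one Ethernet frame; on a hit, copy out the IPv4 source and destination. */
enum probe classify_frame(const uint8_t *f, size_t len, uint8_t src[4], uint8_t dst[4])
{
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00)
        return PROBE_NONE;                    /* truncated, or EtherType is not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* header length, IP options included */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl)
        return PROBE_NONE;
    if (ip[8] != 1 || (ip[16] & 0xf0) == 0xe0)
        return PROBE_NONE;                    /* TTL must be 1; multicast skipped (assumption) */
    unsigned frag_off = ((ip[6] & 0x1fu) << 8) | ip[7];
    enum probe kind = ip[9] == 17 ? PROBE_UDP : PROBE_NONE;
    /* The ICMP type byte is only present in the first fragment; type 8 = echo request. */
    if (ip[9] == 1 && frag_off == 0 && len > 14 + ihl && ip[ihl] == 8)
        kind = PROBE_ICMP;
    if (kind != PROBE_NONE) {
        memcpy(src, ip + 12, 4);
        memcpy(dst, ip + 16, 4);
    }
    return kind;
}

/* Constructed sample frame: zeroed MACs and checksum, 20-byte IPv4 header, 8 payload bytes. */
size_t make_frame(uint8_t *f, uint8_t ttl, uint8_t proto, uint8_t payload0,
                  const uint8_t src[4], const uint8_t dst[4])
{
    memset(f, 0, 42);
    f[12] = 0x08; f[14] = 0x45; f[17] = 28;   /* EtherType, version/IHL, total length */
    f[22] = ttl; f[23] = proto; f[34] = payload0;
    memcpy(f + 26, src, 4);
    memcpy(f + 30, dst, 4);
    return 42;
}

int main(void)
{
    uint8_t f[64], s[4], d[4];
    const uint8_t src[4] = {10, 10, 30, 48}, dst[4] = {10, 0, 0, 1};
    if (classify_frame(f, make_frame(f, 1, 1, 8, src, dst), s, d) == PROBE_ICMP)
        printf("ICMP-based traceroute attempt to %u.%u.%u.%u from %u.%u.%u.%u\n",
               d[0], d[1], d[2], d[3], s[0], s[1], s[2], s[3]);
    return 0;
}
```
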