
RE: Spot The Fed





Traceroute doesn't use DNS? Whatever.

And it's ICMP, Internet Control Management Protocol.

The original traceroute works by sending User Datagram Protocol (UDP)
datagrams (default 3) to an invalid port address of a remote host,
starting with a Time-To-Live (TTL) of 1, causing the first router in the
path to return an ICMP Time Exceeded Message (TEM). Traceroute
increments the TTL by one (up to the max hop count, default 30) and
resends, reaching the next router, until an ICMP Destination Unreachable
Message is returned indicating the unreachable port on the destination
host.

The IP addresses of the hops are determined by the return packet
headers; there is no hostname. Reverse DNS lookup is used to give you
the host names, which can be turned on or off in the traceroute options
(it's much faster if you turn it off).

Traceroute was a diagnostic kludge. RFC 1393 describes an ICMP-based
traceroute function, whereby traceroute sends an ICMP trace message (see
the RFC for details), but there is still no hostname on the return
packet; DNS is still used.

Certain ICMP messages are often disabled and/or certain ports blocked or
"shaped" by routers under thresholds to prevent common Denial-of-Service
(DoS) attacks.

	Matt



> -----Original Message-----
> From: Raymond D. Mereniuk [mailto:[email protected]]

> Traceroute doesn't use DNS, it doesn't need to as it already has the 
> IP numbers.  DNS is a system which provides IP numbers when you 
> give it a domain name.  Reverse DNS provides a host name to an IP 
> address but Traceroute doesn't use it.
> 
> Traceroute works at the router level.  Traceroute is like Ping but 
> provides information on every hop including IP number and 
> assigned device name.  With Traceroute if a host name is not 
> received, when requested of course, it is because the equipment 
> was not assigned a host name or it is deliberately suppressed.  I 
> don't use Traceroute a lot but this is the first time I have 
> seen host names suppressed.  
> 
> A lot of routers have ICM suppressed and will not provide a device 
> name.  If an end user site wants to provide better security they will 
> turn off ICM packets.  At that point Traceroute doesn't work at all.
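
Added example, not part of the original message or of any traceroute implementation: an offline simulation of the TTL walk described in the reply above, parsing constructed ICMP replies to show that a hop is identified only by the source address in the IP header and that names come from a separate reverse lookup. The addresses, the PTR table and the helper names (`build_reply`, `parse_reply`, `simulated_network`, `trace`) are assumptions made for the illustration.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11      # returned by a router when the TTL reaches zero
ICMP_DEST_UNREACHABLE = 3    # returned by the destination host
ICMP_PORT_UNREACHABLE = 3    # code 3 of type 3: nothing listens on the probed port

def build_reply(src_ip, dst_ip, icmp_type, icmp_code):
    """Construct a minimal IPv4 + ICMP reply (sample data, checksums left zero)."""
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 28, 0, 0, 64, 1, 0,   # protocol 1 = ICMP
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    icmp_header = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)
    return ip_header + icmp_header

def parse_reply(packet):
    """Return (source IP, ICMP type, ICMP code); no hostname field exists to read."""
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    src_ip = socket.inet_ntoa(packet[12:16])
    return src_ip, packet[ihl], packet[ihl + 1]

def simulated_network(path, ttl, prober="192.0.2.10"):
    """Stand-in for the network: the reply a UDP probe with this TTL triggers."""
    if ttl < len(path):
        return build_reply(path[ttl - 1], prober, ICMP_TIME_EXCEEDED, 0)
    return build_reply(path[-1], prober,
                       ICMP_DEST_UNREACHABLE, ICMP_PORT_UNREACHABLE)

def trace(path, max_hops=30, ptr_lookup=None):
    """Walk TTL 1..max_hops; names appear only if a reverse lookup is supplied."""
    hops = []
    for ttl in range(1, max_hops + 1):
        ip, icmp_type, icmp_code = parse_reply(simulated_network(path, ttl))
        name = ptr_lookup(ip) if ptr_lookup else None
        hops.append((ttl, ip, name))
        if (icmp_type, icmp_code) == (ICMP_DEST_UNREACHABLE,
                                      ICMP_PORT_UNREACHABLE):
            break                             # destination reached
    return hops

# Constructed path and PTR table (documentation address ranges only).
PATH = ["198.51.100.1", "203.0.113.7", "203.0.113.99"]
PTR = {"198.51.100.1": "gw.example.net", "203.0.113.99": "target.example.org"}

if __name__ == "__main__":
    for hop in trace(PATH, ptr_lookup=PTR.get):
        print(hop)
```

The hop with no PTR entry still shows up by address, and calling `trace(PATH)` with no lookup returns the same addresses with every name set to `None`.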