RE: Traceroute question

From: Omar Salvador Alcalá Ruiz (oalcala@scitum.com.mx)
Date: Fri Dec 29 2006 - 11:13:09 EST

• Next message: Serg B.: "Re: Virtual environments security"
• Previous message: Mifa: "TOR; is it exploitable?"
• Maybe in reply to: Becky Nelson: "Traceroute question"
• Next in thread: Dieter Sarrazyn: "RE: Traceroute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi there.

I've seen this scenario under Firewall implementations and NAT/PAT usage,
not just on Cisco, but other vendors as well. I'm not entirely sure, but my
thoughts are that either the host and the NATing device both replies with
the same IP: the one known to the world... And the Firewall is not dropping
correctly outside connections.

Regards.

OA.

-----Original Message-----
From: listbounce@securityfocus.com
To: Becky Nelson; pen-test@securityfocus.com
Sent: 12/28/2006 6:20 PM
Subject: re: Traceroute question

>From: listbounce@securityfocus.com on behalf of Becky Nelson
>Sent: Wed 12/27/2006 8:36 PM
>To: pen-test@securityfocus.com
>
>I am running a traceroute and have two hops that report the same
>address. Could someone please explain what would cause this? I
>suspect that this is some type of firewall?
>
>Regards,
>
>Ralf

Becky...err Ralf,
 
Possibly load balanced network(s) in between you and
the traced destination.

• Next message: Serg B.: "Re: Virtual environments security"
• Previous message: Mifa: "TOR; is it exploitable?"
• Maybe in reply to: Becky Nelson: "Traceroute question"
• Next in thread: Dieter Sarrazyn: "RE: Traceroute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:30 EDT