Re: Traceroutes to Cisco Routers

From: James Fields (jvfields@tds.net)
Date: Tue Jun 08 2004 - 17:55:14 EDT

• Next message: H D Moore: "Metasploit Framework v2.1"
• Previous message: H Carvey: "Re: Global.asa security under IIS 6.0"
• In reply to: Dieter Sarrazyn: "Traceroutes to Cisco Routers"
• Next in thread: juan.losada@empresas.telefonica.es: "Re: Traceroutes to Cisco Routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Is this with all Cisco routers? You can set certain types of packets (I
believe ICMP is such a case) to always be sourced from a particular
interface.

----- Original Message -----
From: "Dieter Sarrazyn" <dsr@ascure.com>
To: <pen-test@securityfocus.com>
Sent: Saturday, June 05, 2004 6:55 AM
Subject: Traceroutes to Cisco Routers

Hi all,

While performing pentests, I noticed some (strange) behaviour with
tracerouting to cisco routers.

Performing the trace with udp packets (default on linux), the router
answers with it's ip address of the interface closest to you (external
interface of the router).
Performing traces with icmp (-I flag in linux, default in windows), the
router answers with it's ip address that you are tracing to (mostlikely
the internal interface of the router).

Anybody noticed this behaviour as well?
Has somebody an explanation for this?

Regards,
Dieter

• Next message: H D Moore: "Metasploit Framework v2.1"
• Previous message: H Carvey: "Re: Global.asa security under IIS 6.0"
• In reply to: Dieter Sarrazyn: "Traceroutes to Cisco Routers"
• Next in thread: juan.losada@empresas.telefonica.es: "Re: Traceroutes to Cisco Routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT