
Change TTL Only TraceRoute Packet

Posted: Mon Jul 11, 2016 3:09 pm
by alisc
Hi everybody,

I want the rule not to be applied to all ICMP packets,
only to Trace Route packets.
Who knows the Trace Route ICMP type and ICMP code?

My rule:
add action=change-ttl chain=prerouting comment=\
    "Change TTL" disabled=yes new-ttl=increment:4 \
    passthrough=no protocol=icmp



Re: Change TTL Only TraceRoute Packet

Posted: Mon Jul 11, 2016 3:36 pm
by andriys
Different traceroute tools on different platforms use different types of packets for tracing. Some use ICMP type 8 code 3 (ping) packets, others use UDP packets to a random (usually high) port number, which are hardly distinguishable from other UDP traffic.

Re: Change TTL Only TraceRoute Packet

Posted: Mon Jul 11, 2016 5:36 pm
by alisc
andriys wrote:
"Different traceroute tools on different platforms use different types of packets for tracing. Some use ICMP type 8 code 3 (ping) packets, others use UDP packets to a random (usually high) port number, which are hardly distinguishable from other UDP traffic."

Thanks a lot for the quick response.
I think Windows is TraceRoute!
Help me, please.

regards,

Re: Change TTL Only TraceRoute Packet

Posted: Mon Jul 11, 2016 7:03 pm
by ZeroByte
Why worry about incrementing TTL for only Traceroute?
Obviously you're trying to hide your topology from LAN-side users, but it really shouldn't affect anything to just bump the TTL by 4 for all packets (traceroute or otherwise).
In fact, only modifying "traceroute" packets (as has already been said, there's no such thing as a traceroute packet) will expose your attempt at hiding for anyone with any skill.
Being 100% consistent is going to make it much harder to detect your tweaking of packets.

If you have some really edge-case reason that you absolutely need un-modified TTL internally for certain reasons, then it would be easier to simply place exception rules matching these cases.
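
The approach ZeroByte describes, sketched as RouterOS mangle rules. This is an added example, not part of the original thread: the source address 192.0.2.10 is a constructed placeholder for a host that needs the unmodified TTL, and the change-ttl rule is the original poster's rule with the protocol=icmp matcher dropped and the rule enabled.

```routeros
/ip firewall mangle
# Exception rules go first: a packet matched by action=accept leaves the
# mangle chain here and never reaches the change-ttl rule below.
# 192.0.2.10 is a constructed example address (assumption, not from the thread).
add chain=prerouting action=accept src-address=192.0.2.10 \
    comment="Exception: keep original TTL"
# Same TTL change for every remaining packet, whatever the protocol,
# so traceroute probes are treated no differently from other traffic.
add chain=prerouting action=change-ttl new-ttl=increment:4 \
    passthrough=no comment="Change TTL (all packets)"
```

Rule order matters: the exception must sit above the change-ttl rule, because mangle rules are evaluated top to bottom.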