ICMP- traceroute -DNS


Post by TiaMari » Fri, 03 Mar 2000 04:00:00



Hello people,
   I am trying to traceroute a host, but here is a firewall that filters
the ICMP packets I send. Is there any way to trick the remote host by
sending ICMP packets at port 53 as if they were DNS queries?

Thanks In Advance
Tia Maria

P.S. Sorry for the bad English

 
 
 


Post by brian hile » Fri, 03 Mar 2000 04:00:00



> I am trying to traceroute a host, but here is a firewall that filters
> the ICMP packets I send. Is there any way to trick the remote host by
> sending ICMP packets at port 53 as if they were DNS queries?
> Thanks In Advance; Tia Maria
> P.S. Sorry for the bad English

I suggest the "path of least resistance" is to use a Web traceroute
front-end. Your firewall _does_ allow HTTP access, does it not? I
suggest:

http://www.ntua.gr/nmc/traceroute.html

-Brian

 
 
 


Post by Barry Margoli » Fri, 03 Mar 2000 04:00:00




>Hello people,
>   I am trying to traceroute a host, but here is a firewall that filters
>the ICMP packets I send. Is there any way to trick the remote host by

Traceroute doesn't send ICMP packets, it sends UDP packets (however,
Microsoft TRACERT does send ICMP packets).  Traceroute *receives* ICMP
packets from the routers along the way: they send TTL Exceeded error
packets.

>sending ICMP packets at port 53 as if they were DNS queries?

Your question makes no sense.  DNS queries use UDP, not ICMP.  There's no
way to get routers to send the error packets in DNS queries -- why would a
router designer even consider such a weird thing?  ICMP and DNS are totally
unrelated to each other.

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Michael Sierchi » Fri, 03 Mar 2000 04:00:00




> > I am trying to traceroute a host, but here is a firewall that filters
> > the ICMP packets I send. Is there any way to trick the remote host by
> > sending ICMP packets at port 53 as if they were DNS queries?

> I suggest the "path of least resistance" is to use a Web traceroute
> front-end. Your firewall _does_ allow HTTP access, does it not? I
> suggest:

> http://www.ntua.gr/nmc/traceroute.html

Ah, the blind leading the blind.  An average USENET day...

Ahem -  perhaps it would help either or both of you to understand how
traceroute works?  Traceroute sends UDP packets to a port where presumably no
listener is bound with a TTL of 1, then 2, etc.  This generates
an ICMP message type 11, "time exceeded,"  directed back to the sender
from each router along the way.  A simplifying assumption is made that
the packets are taking the same route each time,  which is usually true.

If the firewall is blocking all ICMP packets (as some brain-dead firewalls
do) then it simply isn't going to work.  Network address translation also
tends to handle ICMP poorly.  

And what the heck is doing a traceroute from some web server in GREECE
going to tell?  Nothing useful, if your goal is to see how packets get
from where *you* are to somewhere else.

 
 
 


Post by xl.. » Sat, 04 Mar 2000 04:00:00




> Ah, the blind leading the blind.  An average USENET day...
...
> And what the heck is doing a traceroute from some web server in GREECE
> going to tell?  Nothing useful, if your goal is to see how packets get
> from where *you* are to somewhere else.

The original poster was posting from Greece:
Organization: National Technical University of Athens, Greece
NNTP-Posting-Host: nocgrp1.ceid.upatras.gr

So perhaps the link is relevant to him.


 
 
 


Post by Volker Borche » Sat, 04 Mar 2000 04:00:00


|> Traceroute sends UDP packets to a port where presumably no

BTW, Windows NT tracert uses "ICMP Echo Request" probes.

--



 
 
 


Post by Wally Whacke » Sat, 04 Mar 2000 04:00:00





> >Hello people,
> >   I am trying to traceroute a host, but here is a firewall that filters
> >the ICMP packets I send. Is there any way to trick the remote host by

> Traceroute doesn't send ICMP packets, it sends UDP packets (however,
> Microsoft TRACERT does send ICMP packets).  Traceroute *receives* ICMP
> packets from the routers along the way: they send TTL Exceeded error
> packets.

> >sending ICMP packets at port 53 as if they were DNS queries?

> Your question makes no sense.  DNS queries use UDP, not ICMP.  There's no
> way to get routers to send the error packets in DNS queries -- why would a
> router designer even consider such a weird thing?  ICMP and DNS are totally
> unrelated to each other.

Yes. You can tell traceroute to use port 53 which will let it slip
through firewalls with port 53 commonly open. Outgoing traceroute
probes can be configured to start with a certain port number but
unfortunately, traceroute increments the port numbers of each probe as
a way to determine which hop sent back a timeout. Otherwise

traceroute -p 53 10.2.1.2

for example. Would work.

I suppose you could try -p 49, -p 48, -p 47 etc until you got through
the firewall.

I hear there is a patch out there by a Michael Schiffman that makes
traceroute work without port incrementing.

Wally

--
Strangers in your computer? Don't be the last one to find out.
http://www.veryComputer.com/
Security Link of the Hour:
http://www.veryComputer.com/*crime/
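Added example (not part of any post in this thread, and not traceroute's own source): how a UDP traceroute matches a returning ICMP error to the probe that caused it, as described in Michael Sierchi's and Wally's posts above. It reads the destination port out of the UDP header quoted inside the ICMP message. The packets are constructed for the demo, and the numbering "probe n goes to base port + n, three probes per hop" is an assumption, since implementations differ in where they start counting.

```python
import struct

ICMP_TIME_EXCEEDED = 11   # sent by a router that saw the probe's TTL reach 0
ICMP_DEST_UNREACH = 3     # code 3 (port unreachable) comes from the target itself

def build_reply(icmp_type, code, probe_dst, dport, sport=40000):
    """Construct (demo only) an ICMP error that quotes a UDP probe."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes(probe_dst))
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp

def match_probe(icmp, base_port, probes_per_hop=3):
    """Return (kind, hop, probe_index) for an ICMP error, or None if unrelated."""
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code = icmp[0], icmp[1]
    quoted = icmp[8:]                  # original IP header + first 8 payload bytes
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or quoted[9] != 17 or len(quoted) < ihl + 8:
        return None                    # not a quoted IPv4/UDP datagram
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    seq = dport - base_port            # assumption: probe n uses base_port + n
    if seq < 0:
        return None
    if icmp_type == ICMP_TIME_EXCEEDED and code == 0:
        kind = "router"                # an intermediate hop answered
    elif icmp_type == ICMP_DEST_UNREACH and code == 3:
        kind = "target"                # the destination itself answered
    else:
        return None
    return kind, seq // probes_per_hop + 1, seq % probes_per_hop

def demo():
    dst = [10, 2, 1, 2]                # address from the example command in the post
    replies = [build_reply(11, 0, dst, 53 + n) for n in range(6)]
    replies.append(build_reply(3, 3, dst, 53 + 6))
    return [match_probe(r, base_port=53) for r in replies]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With a base port of 53 only the first probe is actually addressed to port 53; the rest go to 54, 55 and so on, which is the port incrementing Wally mentions. If the ICMP errors themselves are filtered on the way back, `match_probe` never gets any input at all.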

 
 
 


Post by jose » Sat, 04 Mar 2000 04:00:00



> I hear there is a patch out there by a Michael Schiffman that makes
> traceroute work without port incrementing.

yep. the tool is called "firewalk", and there is a proof of concept patch to
traceroute to do this, too.

http://www.packetfactory.net/firewalk/ should be the link.

anyhow, it still won't work if the ICMP error codes that tell traceroute "this is
a router along the way" can't get back in... do you perhaps have a shell account
on another host outside the firewall? if so, work from there, i would say.


 
 
 
