Traceroute
1. ICMP traceroute
2. UDP traceroute
3. TCP traceroute
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ICMP traceroute
The traceroute program uses ICMP messages and the TTL (time-to-live) field in the IP header.
The TTL is an 8-bit field set initially by the sender; common values are 64, 15 and 32.
Every router that handles a datagram is supposed to decrement the TTL by the number of seconds
the datagram spent inside the router. Because almost all routers forward a datagram in less
than one second, the TTL has effectively become a hop counter: each router the datagram passes
through decrements it by 1.
If a router's forwarding delay exceeds one second, it subtracts the elapsed time (in seconds)
from the TTL. Very few routers implement this.
The purpose of the TTL field is to keep datagrams from circulating endlessly in the network
while being routed. When a router fails or the link between two routers is lost, the routing
protocols may take some time to detect the lost route; during that time a datagram can end up
in a routing loop, and the TTL is what eventually terminates it.
When a router receives an IP datagram whose TTL field is 0 or 1, it does not forward it (a
destination host that receives such a datagram may hand it to the application, since it has
no need to forward it; normally a system should not accept a datagram with a TTL of 0). The
router discards the datagram and sends the source host an ICMP "time exceeded" message.
The key to traceroute is that the source address of the IP packet carrying this ICMP message
is the router's own IP address.
***************************************************************
Traceroute operates as follows:
1. Send an IP datagram with TTL = 1 to the destination host.
2. The first router decrements the TTL by 1, discards the datagram, and sends back an ICMP time exceeded message.
3. The program then sends a datagram with TTL = 2 and obtains the second router's address.
4. The process continues until the datagram reaches the destination host.
Note:
1. If any router along the path blocks [ICMP Type 8 --- Echo Request], traceroute does not work.
2. If [ICMP Type 11 --- Time-to-live exceeded] is blocked, the address of that intermediate router cannot be returned.
3. If [ICMP Type 0 --- Echo Reply] is blocked, the final destination address cannot be obtained.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
UDP traceroute
The source host sends UDP packets whose source port is a random value greater than 32768,
with the TTL starting at 1 and increasing by one with each probe.
Intermediate routers return [ICMP Type 11 ---- Time-to-live exceeded];
at the end, besides [ICMP Type 11 ---- Time-to-live exceeded], a port unreachable comes back.
When the destination host receives an IP datagram with TTL = 1, it does not discard it and
generate an ICMP time exceeded message, because the data has reached its final destination.
How, then, does the program determine that the destination host has been reached?
Traceroute sends a UDP datagram to the destination host but chooses an unlikely value for the
UDP port (greater than 30000), so that no program on the destination host could be using that
port. When the datagram arrives, the destination host generates an ICMP "port unreachable"
error message. Traceroute must distinguish between the two ICMP messages, time exceeded and
port unreachable, to know when to stop.
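The distinction between the two replies is made on the wire format: an ICMP error quotes the IP header of the probe plus the first 8 bytes of its payload, so the receiver can read the ICMP type/code and recover the probe's UDP destination port (or ICMP sequence number) from the quoted bytes. The following Python is an added example, not code from these notes; all packets are constructed in code (checksums left at zero), the base destination port 33434 is the classic traceroute default, and the source port 33000 and the addresses are made up.

```python
"""Parse and classify the ICMP replies a traceroute receives (added example).

The packets below are constructed in code, not captured. A router that
decremented a probe's TTL to 0 replies with ICMP Time Exceeded (type 11); the
destination replies to a UDP probe aimed at an unused high port with Port
Unreachable (type 3, code 3) and to an ICMP Echo probe with Echo Reply (type 0).
An ICMP error quotes the original IP header plus the first 8 bytes of its
payload, which is how the sender ties a reply back to the probe (UDP destination
port, or ICMP id/sequence) and therefore to the TTL it used.
"""
import struct

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_PORT_UNREACH = 3       # code under type 3
ICMP_TIME_EXCEEDED = 11
BASE_PORT = 33434           # classic traceroute starting destination port


def ipv4_header(src, dst, proto, ttl=64, payload_len=0):
    """Minimal 20-byte IPv4 header; checksum left at zero (constructed data)."""
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))


def udp_probe(src, dst, dport, ttl):
    """Constructed UDP traceroute probe: IP header + 8-byte UDP header, no payload."""
    udp = struct.pack("!HHHH", 33000, dport, 8, 0)   # source port 33000 is made up
    return ipv4_header(src, dst, 17, ttl=ttl, payload_len=8) + udp


def icmp_error(src, dst, icmp_type, code, quoted):
    """ICMP error: type, code, checksum, 4 unused bytes, then IP header + 8 bytes of the probe."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted[:28]
    return ipv4_header(src, dst, 1, payload_len=len(icmp)) + icmp


def parse_reply(packet):
    """Return (reply_source, kind, probe_key) for one received IP/ICMP packet.

    probe_key is the quoted UDP destination port, the quoted ICMP sequence
    number, or an Echo Reply's own sequence number: it identifies the probe
    that triggered the reply."""
    ihl = (packet[0] & 0x0F) * 4
    src = ".".join(str(b) for b in packet[12:16])
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type == ICMP_ECHO_REPLY:
        seq = struct.unpack("!H", packet[ihl + 6:ihl + 8])[0]
        return src, "echo-reply", seq
    quoted = packet[ihl + 8:]                 # the probe as the router saw it
    q_ihl = (quoted[0] & 0x0F) * 4
    proto = quoted[9]
    key = None
    if proto == 17:                           # UDP: dst port is bytes 2-3 of its header
        key = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    elif proto == 1:                          # ICMP Echo: sequence is bytes 6-7
        key = struct.unpack("!H", quoted[q_ihl + 6:q_ihl + 8])[0]
    if icmp_type == ICMP_TIME_EXCEEDED:
        return src, "time-exceeded", key
    if icmp_type == ICMP_DEST_UNREACH and code == ICMP_PORT_UNREACH:
        return src, "port-unreachable", key
    return src, "other", key


def hop_table(replies, base_port=BASE_PORT):
    """UDP mode: traceroute raises the destination port with every probe, so
    port - base_port + 1 recovers the TTL the probe carried."""
    return [(key - base_port + 1, src, kind)
            for src, kind, key in map(parse_reply, replies)]


def build_udp_trace_replies():
    """Constructed replies for the path 10.0.0.1 -> 10.0.0.2 -> 10.0.0.3 -> 10.0.0.9."""
    probes = [udp_probe("10.0.0.1", "10.0.0.9", BASE_PORT + i, ttl=i + 1) for i in range(3)]
    return [
        icmp_error("10.0.0.2", "10.0.0.1", ICMP_TIME_EXCEEDED, 0, probes[0]),
        icmp_error("10.0.0.3", "10.0.0.1", ICMP_TIME_EXCEEDED, 0, probes[1]),
        icmp_error("10.0.0.9", "10.0.0.1", ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, probes[2]),
    ]


def build_echo_reply(src, dst, seq):
    """Constructed Echo Reply (type 0) as the destination returns it in ICMP mode."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, 0x1234, seq)
    return ipv4_header(src, dst, 1, payload_len=len(icmp)) + icmp


if __name__ == "__main__":
    for ttl, src, kind in hop_table(build_udp_trace_replies()):
        print(f"{ttl:2d}  {src:<12} {kind}")
    print(parse_reply(build_echo_reply("10.0.0.9", "10.0.0.1", 4)))
```

The quoted probe header is also what a firewall log or IDS sees when it inspects these errors, which is why a sudden series of type 11 replies to ascending destination ports is an easy signature for path discovery from outside.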
Note:
If UDP is blocked along the way, traceroute does not work.
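The hop-by-hop procedure in the ICMP section and the termination rule in the UDP section are the same algorithm with a different final reply, and the "Note" items in both sections describe what filtering does to its output. The Python below is an added example that simulates that algorithm over a constructed path; it sends no packets, the addresses 10.0.0.x are made up, and the Node fields drops/mutes are this example's own way of modelling a filter.

```python
"""Simulate the traceroute algorithm over a modelled path (added example).

Nothing here sends packets: the path is a constructed list of nodes. Each
router decrements the TTL and, when it reaches 0, drops the probe and answers
with ICMP Time Exceeded (type 11) from its own address. The destination answers
a UDP probe to an unused high port with Port Unreachable (type 3) and an ICMP
Echo probe with Echo Reply (type 0). The Node filters model the notes above: a
router that drops Echo Requests silences every hop behind it, a router that will
not emit type 11 shows as '*' for its own hop only, and a destination whose
final reply is filtered never terminates the trace, which is why a real
traceroute stops at a maximum hop count.
"""
from dataclasses import dataclass, field

TIME_EXCEEDED, PORT_UNREACH, ECHO_REPLY = 11, 3, 0


@dataclass
class Node:
    addr: str
    drops: set = field(default_factory=set)   # probe kinds dropped on arrival: "udp", "icmp"
    mutes: set = field(default_factory=set)   # ICMP types this node will not send: 11, 3, 0


def forward(path, ttl, mode):
    """Deliver one probe with the given TTL; return (reply_source, icmp_type) or None.

    path[:-1] are routers, path[-1] is the destination host."""
    for router in path[:-1]:
        if mode in router.drops:
            return None                       # filtered in transit: no reply at all
        ttl -= 1
        if ttl == 0:                          # this router drops it and reports, or stays silent
            return None if TIME_EXCEEDED in router.mutes else (router.addr, TIME_EXCEEDED)
    dest = path[-1]
    if mode in dest.drops:
        return None
    # A host does not forward, so a datagram arriving with TTL >= 1 is accepted and answered.
    reply = ECHO_REPLY if mode == "icmp" else PORT_UNREACH
    return None if reply in dest.mutes else (dest.addr, reply)


def traceroute(path, mode="udp", max_hops=30):
    """Return [(ttl, address_or_star), ...]; stop at the destination's reply or at max_hops."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, ttl, mode)
        if reply is None:
            hops.append((ttl, "*"))
            continue
        src, icmp_type = reply
        hops.append((ttl, src))
        if icmp_type in (ECHO_REPLY, PORT_UNREACH):   # destination reached
            break
    return hops


def demo_paths():
    """Constructed scenarios: a clean path and the filtered cases from the notes."""
    r1, r2, dest = Node("10.0.0.2"), Node("10.0.0.3"), Node("10.0.0.9")
    return {
        "clean": traceroute([r1, r2, dest]),
        "r2 silent on type 11": traceroute([r1, Node("10.0.0.3", mutes={11}), dest]),
        "r2 drops echo request": traceroute([r1, Node("10.0.0.3", drops={"icmp"}), dest],
                                            mode="icmp", max_hops=5),
        "dest filters echo reply": traceroute([r1, r2, Node("10.0.0.9", mutes={0})],
                                              mode="icmp", max_hops=5),
        "dest drops udp": traceroute([r1, r2, Node("10.0.0.9", drops={"udp"})], max_hops=5),
    }


if __name__ == "__main__":
    for name, hops in demo_paths().items():
        print(f"{name:<24} " + " ".join(f"{ttl}:{addr}" for ttl, addr in hops))
```

Reading the output the way the notes do: a single '*' followed by real hops means only that router keeps quiet about Time Exceeded, while a run of '*' to the hop limit means the probes themselves are being dropped somewhere, either at a router or at the destination.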
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
TCP traceroute
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://www.phenoelit.org/irpas/
IRPAS ----- Internetwork Routing Protocol Attack Suite
Introduction
Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP.
While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication. Because most of the routers you will see in today's environments are Cisco products, we focus our work on these, which does not mean that it doesn't apply to other router vendors.
The idea is to implement small tools which can be scripted for larger tests while using the protocols described in standards or white papers. IRPAS is not a collection of exploits. While several circumstances can lead to a denial of service attack, the tools try to implement routing protocol functionality as described by the papers, therefore enabling the user of these tools (probably you) to design its own customized attack.
Another nice side effect is that people used to point-and-click attack tools should have some difficulties to use a raw IGRP sender tool.
We will try to outline some of the applications and scripts for these tools in the documentation, but most of the applications are still up to the user itself. We strongly encourage you to suggest new tools or improvements to us since developing such kind of a tool is an isolated work in today's AOL internet.
Supported protocols
CDP
IRDP
IGRP
EIGRP (discovery)
RIPv1 (discovery)
RIPv2 (discovery)
OSPF (discovery)
HSRP
DHCP DORA
ICMP redirects
This is an ongoing project, so watch out for more fun