Mr.Guvernment 0 Posted January 21, 2003

Hey all, got a tricky one for ya! Let me know if this is possible! PS - the names are fake, lol (espz.net).

It's nothing urgent, but it's always been bugging me. Anyone who does a TRACERT to a server / computer / IP will quickly see a clear route to it, e.g.:

1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net [21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]
Trace complete.

And all the espz.net stuff at the end leaves me a little queasy, as BAM - a wannabe hacker now knows the IP of that system. The espz.net names are obviously names of the core equipment and cannot be changed.

Here's what I'm wondering: there must be some 'technology' (as opposed to using a router [which is in place] to simply end a ping or tracert - is there another way....) to make a TRACERT respond with a somewhat (how shall I say) misleading answer. Something which would put hackers and such off the trail. Since there is nothing that can be done with the espz.net stuff, I'd imagine there would be some software / utility that would give the following as a response to the same TRACERT:

1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net [21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]
7 4 ms 6 ms 4 ms here.not.really.net. [216.*.*.*]
8 6 ms 34 ms 9 ms roses.are.red.net [216.*.*.*]
9 14 ms 22 ms 8 ms see.me.ping.net [121.222.32.555]
Trace complete.

Where we can determine/set the false names and IPs of everything after the last real address (which is a server running this clever utility).
DS3Circuit 0 Posted January 22, 2003

Hmmm. Now this is a good thread ... you have jogged my memory into doing some things ... APK, thanx for the link.
Mr.Guvernment 0 Posted January 22, 2003

Feel free to jog your memory on here as well. And alec, info is appreciated.

With the IP thing, I know that the IPs of the ISP can't be changed at all. Bummer. It is more to simply throw off a potential attack as well as possibly / mainly not let someone know where the system is located - as someone will not think that the, say, 4th IP from the last one is the actual server, and will think the "dud" addresses are (the last one, when in fact it is not).

I will check out that link, as it is something to start!

I had thought perhaps putting a Linux box with NAT and such in front of the system we want to protect, so it would be: router - Linux NAT box with firewall - system to be protected. This way the system to be protected is on an internal 192.* IP and is not as likely to have any damage done to it, even if someone did get into the Linux box somehow... thoughts?
Mr.Guvernment 0 Posted January 26, 2003

Damn, that's a lot of reading, lol. *prints this page*

Well, to let you know, the server is on a static IP and is on the backbone of an ISP in their server room - so the releasing of the IP is not something that will be done. There are hundreds of people a day connecting to it and it is on 24/7.

But yeah, I am off to read everything over a few times.
Mr.Guvernment 0 Posted January 27, 2003

From the person I was looking for.

Quote: Thanks for keeping on this. I came across a program that pretty-much does what we need, but unfortunately it runs under UNIX. Maybe your guys know of a place to get a similar utility for NT. http://onlinesecurity.virtualave.net/attacks/tools/roto.htm

Now to find a Windows version!
Mr.Guvernment 0 Posted January 28, 2003

Hey m8! I love coming on here and seeing your replies, lol. So full of information - this will keep me busy for the day!!