Confuse a tracert - show it more than it actually is???


1438 Posts
Location -
Joined 2001-01-04
hey all, got a tricky one for ya! let me know if this is possible! - PS - the names are fake.. lol (espz.net)
 
It's nothing urgent, but it's always been bugging me.
 
Anyone who does a TRACERT to a server / computer / ip will quickly
see a clear route to it; e.g.
 

1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net[21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]
 
Trace complete.
 
 
 
And all the espz.net stuff at the end leaves me a little queasy, as BAM - a wannabe hacker now knows the IP of that system.

The espz.net names are obviously names of the core equipment and cannot be changed.
 
 
Here's what I'm wondering:
 
 
There must be some 'technology' (as opposed to using a router [which is in place] to simply end a ping or tracert - is there another way....) to make a TRACERT respond with a somewhat (how shall I say) misleading answer. Something which would put hackers and such off the trail.

Since there is nothing that can be done with the espz.net stuff, I'd imagine there would be some software / utility that would give the following as a response to the same TRACERT:
 

 
1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net[21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]
7 4 ms 6 ms 4 ms here.not.really.net. [216.*.*.*]
8 6 ms 34 ms 9 ms roses.are.red.net [216.*.*.*]
9 14 ms 22 ms 8 ms see.me.ping.net [121.222.32.555]
 
Trace complete.
 
 
 
 
Where we can determine/set the false names and IPs of everything after the last real address (which is a server, running this clever utility).


Responses to this topic



738 Posts
Location -
Joined 2002-12-11
Hmmm
 
Now this is a good thread ... you have jogged my memory into doing some things ...

APK, thanks for the link


1438 Posts
Location -
Joined 2001-01-04
OP
feel free to jog your memory on here as well
 
 
 
And Alec, info is appreciated.

With the IP thing, I know that the IP of the ISP can't be changed at all. bummer

It is more to simply throw off a potential attack, as well as possibly / mainly not let someone know where the system is located - as someone will not think that, say, the 4th IP from the last one is the actual server, and will think the "dud" addresses are (the last one, when in fact it is not)

I will check out that link, as it is something to start!

I had thought perhaps putting a Linux box with NAT and such in front of the system we want to protect
 
so it would be
 
 
router - linux NAT box with firewall - System to be protected.
 
and this way the system to be protected is on an internal 192.* IP and is not as likely to have any damage done to it, even if someone did get into the Linux box somehow...........
 
 
thoughts?


1438 Posts
Location -
Joined 2001-01-04
OP
damn, that's a lot of reading.. lol *prints this page*

Well, to let you know, the server is on a static IP and is on the backbone of an ISP in their server room - so the releasing of the IP is not something that will be done.

There are hundreds of people a day connecting to it and it is on 24/7.
 
but yeah, i am off to read everything over a few times.


1438 Posts
Location -
Joined 2001-01-04
OP
hey m8! I love coming on here and seeing your replies!!.. lol

So full of information - this will keep me busy for the day!!