Hi,
in the FreeBSD kernel there are options that make a router stealth: packets passed through the
router have no change in TTL value.
Is there a possibility to make a similar thing in Linux? I think that in traceroute
there isn't this hop, no asterisk, no router, no change in TTL, nothing ...?

PSIkappa
psi@atlantis.sk

On Sat, Mar 24, 2001 at 06:32:04PM +0100, M.F. PSIkappa wrote:
> Hi,
> in the FreeBSD kernel there are options that make a router stealth: packets passed through the
> router have no change in TTL value.
> Is there a possibility to make a similar thing in Linux? I think that in traceroute
> there isn't this hop, no asterisk, no router, no change in TTL, nothing ...?

There are multiple ways to achieve this.

 * The Ethernet Frame Diverter, which allows you to operate as a transparent
   bridge. The URL is in the HOWTO.

 * The TTL target in iptables. This allows you to raise the TTL again, so
   nobody might see your router. If you disallow certain ICMP Port
   Unreachable messages, I think your router won't appear in traceroute.

You need to use proxy arp tricks to draw packets into your router if you
want it to be totally transparent.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Services
Trilab The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

On Sun, Mar 25, 2001 at 11:34:59PM +0300, Konrads Smelkov wrote:
> Can someone be more specific about ttl target? In manual there isn't anything matching TTL...

It's in the iptables-1.2.1a release:

EXTRA EXTENSIONS
       The following extensions are not included by default in the
       standard distribution.

   ttl
       This module matches the time to live field in the IP header.

       --ttl ttl
              Matches the given TTL value.

   TTL
       This target is used to modify the time to live field in the IP
       header. It is only valid in the mangle table.

       --ttl-set ttl
              Set the TTL to the given value.

       --ttl-dec ttl
              Decrement the TTL by the given value.

       --ttl-inc ttl
              Increment the TTL by the given value.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Services
Trilab The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
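
Added example, not part of the thread: a small Python model of per-hop TTL handling that shows why a hop applying `--ttl-inc 1` drops out of a traceroute listing, and what the same rule does to a packet caught in a routing loop. The router names, the topology and the assumption that the rule sits in the mangle table's PREROUTING chain (so it runs before the forwarding TTL check) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ttl_inc: int = 0  # models "-j TTL --ttl-inc N"; PREROUTING placement is assumed

def _prerouting(router, ttl):
    # The TTL field is 8 bits wide, so an increment saturates at 255.
    return min(255, ttl + router.ttl_inc)

def send_probe(path, ttl):
    """Name of the hop that answers ICMP Time Exceeded, or 'dest' if delivered."""
    for router in path:
        ttl = _prerouting(router, ttl)  # mangle runs before the forwarding check
        if ttl <= 1:                    # forwarding would expire the packet here
            return router.name
        ttl -= 1                        # normal per-hop decrement
    return "dest"

def traceroute(path, max_ttl=30):
    """Hops a TTL-stepping traceroute would list for this path."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(send_probe(path, ttl))
        if hops[-1] == "dest":
            break
    return hops

def forwards_in_loop(loop, ttl=64, limit=10_000):
    """Forwards before a looping packet expires; None if still alive at `limit`."""
    count = 0
    while count < limit:
        for router in loop:
            ttl = _prerouting(router, ttl)
            if ttl <= 1:
                return count
            ttl -= 1
            count += 1
    return None

if __name__ == "__main__":
    plain = [Router("r1"), Router("r2"), Router("r3")]  # constructed topology
    hidden = [Router("r1"), Router("r2", ttl_inc=1), Router("r3")]
    print(traceroute(plain))
    print(traceroute(hidden))
    print(forwards_in_loop([Router("a"), Router("b")]))
    print(forwards_in_loop([Router("a", 1), Router("b", 1)]))
```

In the model, a loop made only of hops that restore the TTL never expires the packet, which is the reason to match such a rule narrowly rather than on all forwarded traffic.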