About a week ago I sent a message to the list regarding Toto and how I found it hard to believe he was a country & western artist. I mentioned a tribute to Toto and a URL pointing to a web page on a data security product at a web site which is a total spoof. The URL led to a page touting a data security product called PUP, Pretty Useless Privacy. I shamelessly plagiarized Toto's concept, and even some of the sentences, from a post on Pretty Lousy Privacy. I even managed to get most of the characteristics of Snake Oil in one sentence. The graphic on the page is a Snake Charmer.

Now you figure the Feds will visit for sure, just try and spot them. Resolving the IP addresses to a domain name might work but if they had a clue they would use dummy domains. I would like to nominate the folks at IP address 204.249.179.54, or better yet the whole Class C, as possible Feds. The IP address does not resolve to a domain name, actually all the IP addresses in the Class C plus the 204.249.178 Class C. I didn't bother to try any other neighbouring Class Cs. I can understand a few IP addresses of isolated machines not resolving to a domain name but not the whole Class C. You should also be able to see the default gateway's domain name. Seems like this may be the site of some paranoid privacy loving folks.

If I have slandered any Cypherpunk and their company, who may be at least privacy loving, please accept my apologies in advance but please let me know if I made a mistake.
"Kevin J. Stephenson"
A lot of companies that get Net access never set up the reverse DNS entries out of sheer laziness on their assigned class C, and their upstream provider doesn't care. Feds probably have Class A and B addresses anyways.
Traceroute doesn't use DNS, it doesn't need to as it already has the IP numbers. DNS is a system which provides IP numbers when you give it a domain name. Reverse DNS provides a host name to an IP address but Traceroute doesn't use it.

Traceroute works at the router level. Traceroute is like Ping but provides information on every hop including IP number and assigned device name. With Traceroute if a host name is not received, when requested of course, it is because the equipment was not assigned a host name or it is deliberately suppressed. I don't use Traceroute a lot but this is the first time I have seen host names suppressed.

A lot of routers have ICMP suppressed and will not provide a device name. If an end user site wants to provide better security they will turn off ICMP packets. At that point Traceroute doesn't work at all.

Virtually
Raymond D. Mereniuk
Raymond@fbn.bc.ca
Raymond D. Mereniuk wrote:
Traceroute doesn't use DNS, it doesn't need to as it already has the IP numbers. DNS is a system which provides IP numbers when you give it a domain name. Reverse DNS provides a host name to an IP address but Traceroute doesn't use it.
Traceroute works at the router level. Traceroute is like Ping but provides information on every hop including IP number and assigned device name. With Traceroute if a host name is not received, when requested of course, it is because the equipment was not assigned a host name or it is deliberately suppressed. I don't use Traceroute a lot but this is the first time I have seen host names suppressed.
A lot of routers have ICMP suppressed and will not provide a device name. If an end user site wants to provide better security they will turn off ICMP packets. At that point Traceroute doesn't work at all.
Not quite true. traceroute does use DNS. If you do traceroute www.joe.com it will use DNS to resolve it to an IP. If you do traceroute 10.0.0.1, it will use DNS to resolve it to a name. At every hop, it will use reverse DNS to resolve the IPs to names. If a hop doesn't have a reverse, you see its IP.

Traceroute under unix uses UDP on some high random port. Traceroute on NT (TRACERT.EXE) uses ICMP. In both cases, it sets the TTL field to 1, and sends a message. The router dropping the message responds with ICMP telling your host, "packet dropped due to ttl" -- this returns that router's IP address to you.

(For non TCP heads - each packet has a TTL - time to live field that gets decreased as the packet "hops" across a router. When the TTL reaches zero, the next router to receive it drops it and returns an error to the sender. This mechanism is used to prevent router loops from bringing down all the networks in the loop among other things like tracing a route...)

One can hide routers by making them ignore ICMP or not respond to ICMP. In such cases, you simply get timeouts (a line with 3 *'s)...

A good test is to use traceroute from NT/95 and another from unix so you can tell what's filtered.

--
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================
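
The behaviour described in the reply above, as an added example that is not part of the original thread: an offline simulation of TTL-limited probing that shows how a hop with no reverse DNS entry, a router that sends no ICMP errors, and a hop that filters only UDP probes each look different in the output. The path, addresses, names and filter settings are all constructed for illustration.

```python
# Constructed path: every address, name and filter setting here is made up
# (RFC 5737 documentation ranges); nothing is sent on the network.
PATH = [
    {"ip": "192.0.2.1",    "ptr": "gw.example.net",   "icmp_errors": True,  "drops": set()},
    {"ip": "198.51.100.7", "ptr": None,               "icmp_errors": True,  "drops": set()},
    {"ip": "203.0.113.1",  "ptr": "core.example.org", "icmp_errors": False, "drops": set()},
    # Last entry is the destination host; it silently drops UDP probes.
    {"ip": "203.0.113.54", "ptr": None,               "icmp_errors": True,  "drops": {"udp"}},
]

def probe_once(path, ttl, kind):
    """Return the IP that answers a probe sent with this TTL, or None on timeout."""
    for hops_left, hop in zip(range(ttl, 0, -1), path):
        if kind in hop["drops"]:
            return None                      # filtered silently: no reply at all
        if hops_left == 1:                   # TTL reaches zero at this hop
            return hop["ip"] if hop["icmp_errors"] else None
    return None                              # TTL longer than the path

def trace(path, kind):
    """One display line per hop: 'name (ip)', bare ip without a PTR, or '* * *'."""
    ptr = {hop["ip"]: hop["ptr"] for hop in path}   # stands in for reverse DNS
    lines = []
    for ttl in range(1, len(path) + 1):
        ip = probe_once(path, ttl, kind)
        if ip is None:
            lines.append("* * *")            # timeout: suppressed or filtered
        elif ptr[ip]:
            lines.append(f"{ptr[ip]} ({ip})")
        else:
            lines.append(ip)                 # hop answered, but has no reverse entry
    return lines

def filtered_hops(path):
    """Hops that answer one probe type but not the other: {hop_number: dropped_kind}."""
    udp, icmp = trace(path, "udp"), trace(path, "icmp")
    out = {}
    for n, (u, i) in enumerate(zip(udp, icmp), start=1):
        if (u == "* * *") != (i == "* * *"):
            out[n] = "udp" if u == "* * *" else "icmp"
    return out

if __name__ == "__main__":
    for kind in ("udp", "icmp"):
        print(kind, trace(PATH, kind))
    print(filtered_hops(PATH))
```

A bare IP means the hop answered and merely lacks a PTR record, while `* * *` under both probe types means no ICMP error came back at all; a hop that times out under only one probe type points to filtering of that probe type.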
participants (2)
- Ray Arachelian
- Raymond D. Mereniuk