Hi, On Tue, Aug 11, 1998 at 08:48:09PM -0400, #include <gerbil.h> wrote: [RotoRouter] Some time ago I've wrote a similar utility. From http://sb.123.org/tdetect.html --------------------------- cut here ---------------------- Traceroute Detector If you're interested to detect all attempts to make "traceroute your-host" or "traceroute host.your-network", you can try to use this simple program. The idea is simple - to detect UDP (Unix traceroute) or ICMP ECHO (Windows traceroute) packets with TTL fields == 1. Program was developed under FreeBSD 2.2.2 using Berekeley Packet Filter library, currently supports only loopback and ethernet interfaces (it's easy to add SLIP/FDDI). It's possible to port it to other systems (don't forget to send me diffs ;). Remember - it's not a completed product, just a couple of C-files to demonstrate the idea. An example of output: Traceroute Detector active on fxp0 UDP-based traceroute attempt to 10.0.0.20 from 10.10.30.45 ICMP-based traceroute attempt to 10.0.0.1 from 10.10.30.48 First one is probably UNIX box, and the second one is Windows (or Unix traceroute with "-I" option) --------------------------- cut here ---------------------- You can download it from that page. Regards, V. -- Vadim Kolontsov Tver Internet Center NOC
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:11 PDT