* [LARTC] Stealth Router
@ 2001-03-24 17:32 M.F. PSIkappa
2001-03-24 21:29 ` bert hubert
2001-03-25 19:55 ` bert hubert
0 siblings, 2 replies; 3+ messages in thread
From: M.F. PSIkappa @ 2001-03-24 17:32 UTC (permalink / raw)
To: lartc
Hi,
in the FreeBSD kernel there are options that make a router stealth; packets passed through the
router have no change in TTL value.
Is there a possibility to do a similar thing in Linux? I think that in traceroute
this hop isn't there: no asterisk, no router, no change in TTL, nothing ...?
PSIkappa
psi@atlantis.sk
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
* Re: [LARTC] Stealth Router
From: bert hubert @ 2001-03-24 21:29 UTC (permalink / raw)
To: lartc
On Sat, Mar 24, 2001 at 06:32:04PM +0100, M.F. PSIkappa wrote:
> Hi,
> in the FreeBSD kernel there are options that make a router stealth; packets passed through the
> router have no change in TTL value.
> Is there a possibility to do a similar thing in Linux? I think that in traceroute
> this hop isn't there: no asterisk, no router, no change in TTL, nothing ...?
There are multiple ways to achieve this.

* The Ethernet Frame Diverter which allows you to operate as a transparent
  bridge. The URL is in the HOWTO.

* The TTL target in iptables. This allows you to raise the TTL again, so
  nobody might see your router. If you disallow certain ICMP Port
  Unreachable messages, I think your router won't appear in traceroute. You
  need to use proxy arp tricks to draw packets into your router if you want
  it to be totally transparent.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Services
Trilab The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
* Re: [LARTC] Stealth Router
From: bert hubert @ 2001-03-25 19:55 UTC (permalink / raw)
To: lartc
On Sun, Mar 25, 2001 at 11:34:59PM +0300, Konrads Smelkov wrote:
> Can someone be more specific about the ttl target? In the manual there isn't anything matching TTL...
It's in the iptables-1.2.1a release:
EXTRA EXTENSIONS
       The following extensions are not included by default in
       the standard distribution.

   ttl
       This module matches the time to live field in the IP
       header.

       --ttl ttl
              Matches the given TTL value.

   TTL
       This target is used to modify the time to live field in
       the IP header. It is only valid in the mangle table.

       --ttl-set ttl
              Set the TTL to the given value.

       --ttl-dec ttl
              Decrement the TTL by the given value.

       --ttl-inc ttl
              Increment the TTL by the given value.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Services
Trilab The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
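
An added illustration, not part of the original thread: the Python toy model below shows why a router that applies `--ttl-inc 1` before forwarding drops out of a traceroute, and what the same rule does to a packet caught in a routing loop. The hop names, the dict layout and the assumption that the rule runs in mangle PREROUTING ahead of the forwarding decrement are constructed for the example.

```python
# Toy model, constructed for illustration: each hop is a dict with a name
# and the amount a `-j TTL --ttl-inc N` rule adds (0 = ordinary router).
# Assumption: the rule runs in mangle PREROUTING, i.e. before the kernel's
# forwarding code checks and decrements the TTL.

def step(ttl, hop):
    """TTL after `hop` forwards the packet, or None if the hop drops it
    and answers with ICMP Time Exceeded."""
    ttl = min(255, ttl + hop["ttl_inc"])   # TTL is one byte; clamp at 255
    if ttl <= 1:                            # forwarding refuses TTL <= 1
        return None
    return ttl - 1                          # normal per-hop decrement

def traceroute(path, max_ttl=30):
    """Names of the hops that answer probes sent with TTL 1, 2, 3, ..."""
    answers = []
    for probe_ttl in range(1, max_ttl + 1):
        ttl, who = probe_ttl, "dest"
        for hop in path:
            ttl = step(ttl, hop)
            if ttl is None:
                who = hop["name"]
                break
        answers.append(who)
        if who == "dest":
            break
    return answers

def loop_lifetime(ttl, cycle, max_forwards=10_000):
    """Forwards a packet survives inside a routing loop; None = never dies."""
    for forwards in range(max_forwards):
        ttl = step(ttl, cycle[forwards % len(cycle)])
        if ttl is None:
            return forwards
    return None

PLAIN = [{"name": n, "ttl_inc": 0} for n in ("r1", "r2", "r3")]
STEALTH = [dict(h, ttl_inc=1) if h["name"] == "r2" else h for h in PLAIN]

if __name__ == "__main__":
    print(traceroute(PLAIN))      # every router answers one probe
    print(traceroute(STEALTH))    # r2 never sees TTL <= 1, so it is missing
    print(loop_lifetime(64, PLAIN[:2]))                 # TTL ends the loop
    print(loop_lifetime(64, [STEALTH[1], STEALTH[1]]))  # TTL never runs out
```

The loop results are the reason to scope any `--ttl-inc` rule narrowly: TTL expiry is the only thing that ends a routing loop, and incrementing it on every pass removes that safeguard.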