Security Incidents: Re: web related oddity

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: web related oddity

From: OFriedrichs () SECURITY-FOCUS COM (Oliver Friedrichs)
Date: Tue, 29 Feb 2000 12:45:20 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- What catches my eye is the TTL has changed dramatically
from Feb 24 to
  Feb 29.  Either the O/S of CCC.CCC.CCC.100 has changed, or
there is initial
  TTL trickery going on.


This is probably because the route the packets are taking has
changed.  Since the TTL is decremented for each hop, the changing of
routes can affect this - both local network and backbone network
changes.  Your not getting the initial TTL, your getting the TTL of
the packet after it has been routed over 20 routers (assuminig
initial TTL was 255).

Oliver Friedrichs
Product Marketing Manager,
securityfocus.com
(650) 655-2000 ext. 31

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOLwuZMm4FXxxREdXEQJ+IACfXRGkboVCh5BnHaiU2cOIN9iSKOAAnjHC
6ApsqBe5FxOAuwFU6RF+uP9b
=HoDp
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Re: web related oddity Oliver Friedrichs (Feb 29)
- <Possible follow-ups>
- Re: web related oddity Richard Bejtlich (Mar 04)
  - Port 33434 and decoy-scanning Jan Roger Wilkens (Mar 08)
    - Re: Port 33434 and decoy-scanning Pete Clements (Mar 08)
    - Re: Port 33434 and decoy-scanning Ryan Russell (Mar 09)
  - Re: web related oddity Ryan Russell (Mar 08)