Distributed Network for Reverse-Tracerouting
I got the heads-up from some folks concerning Traceloop.com. It's an interesting idea - you can see what route your traffic takes on the /return/ path. By utilizing a large group of distributed test points anyone registered with the service can run traceroutes in both directions provided there is a client near the destination ISP. So, they are looking for more people to sign up for the network - but also to have people use it. I'd like to see this used vis a vis DoS attacks and such - but this approach is a whole new way of doing this.
This gives me an idea (Score:2)
C:\>tracert slashdot.org
Tracing route to slashdot.org [127.0.0.1]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms slashdot.org [127.0.0.1]
Trace complete.
Hrm, that looks pretty good. So why do the pages take so long to load?
--Shoeboy
Couldn't this be used to launch DoS attacks? (Score:2)
Now I know I'm not some kind of network guru, but isn't there the possibility that this could be used to launch DDoS attacks? Any kind of distributed system has got to have the ability to launch such attacks, and open services like this must surely be more vulnerable to abuse than machines that have to be cracked.
Hopefully the encryption system they are using will withstand such attempts. At least they've thought about it, because this kind of thing would probably be a target for malicious script kiddies.
However it would be good to be able to reverse traceroute incoming packets. It's also nice to be able to worry less about allowing UDP and ICMP through your firewall, and hopefully this will be taken up by enough concerned sysadmins to make it a viable concept. As recent attempts have shown, tracking down the originator of DDoS attacks is pretty hard, and this might save us the threat of yet more Government "protection" for the net.
Clogging? (Score:1)
Is it really a wise use of limited bandwidth resources to develop new network clogging toys for 'system administrators' to play with? What a lot of geeks tend to forget is that real people are trying to accomplish real work over the Internet. It's no longer just their personal playground.
The entire economy has been transformed to rely on networking and information technology. Bandwidth is a critical resource that mustn't be wasted on 'cool' new toys.
Even worse, systems like Traceloop are always poorly thought out and rife with possible exploits. The last thing we need is yet another platform for hackers to launch malicious attacks on the public and private sector's key information systems.
Basically, if it's not business critical, it doesn't belong on the Internet anymore.
- qpt
Hmmm, I'm sceptical (Score:1)
Also, the first time I tried it didn't work
Re:Hmmm, I'm sceptical (Score:1)
Quite often. It's the rule rather than the exception. Ever heard of 'hot potato routing'? Do a search and you'll understand.
Re:This gives me an idea (Score:5)
Not for free? (Score:1)
Or should I wait for www.opentraceloop.org?
Dave
Re:This gives me an idea (Score:2)
Tracing route to slashdot.org [127.0.0.1]
[...]
Hrm, that looks pretty good. So why do the pages take so long to load?
Because, as you've clearly demonstrated, slashdot.org is using a Microsoft operating system.
Touche.
Hidden Dragon ? (Score:1)
not found? (Score:1)
Getting a 404 error on the download link that was sent after registering. Anyone else getting this?
Re:Clogging? (Score:2)
Are your statements business critical? There is more to life, and the internet, than money.
Well the idea is not new, I read that before (Score:1)
Basically it gives you the ability to follow back to the source of an attacker.
The best argument I heard against it was that ISPs first should do some decent outgoing filtering to catch SMURF - attacks.
Of course you might be able to abuse the system by faking a malicious attack from the host to be attacked. I doubt that this would be fun for script kids though, since using multiple hosts sounds much more impressive.
Huh? (Score:3)
You business people need to realize that you don't own the internet. You pay for a very small amount of bandwidth on the internet, which you can do what you choose with, but you didn't build the internet, you don't maintain the internet and you have no right whatsoever to tell anyone else what to do with their bandwidth.
The only thing I can figure is you're either an idiot or a troll.. if the former is true, please go read Internet Architectures by Halabi (cisco press book)... it is very useful. If the latter is the case, the fuck right off.
//Phizzy
Errm, what? (Score:2)
Sorry there, but if you take the time to read the FAQ [traceloop.com] you'll see that they express the same concerns about the possibility of this network being used as a launching point for DDoS. I don't see how this makes me a troll.
Re:Clogging? (Score:1)
I think a while back Nature published a paper to the effect of this, with a topology of the internet. The main thing to come out of this study was that the internet is fairly robust and secure unless those seeking to attack it know the busiest nodes to attack.
So what we are getting is a way to discover the weakest points for free, hence anyone with enough knowledge and motivation to do so can seriously damage the internet.
What it all comes down to is Do you really need to know where your packets go? With the Legislation introduced by the government in the UK, it's all rather academic considering they are allowed to peek at the information anyway. And as far as I know there is no way to reroute your packets to take a specific route.
Basically it comes down to being a waste of bandwidth and resources, and a potential security problem.
Re:This gives me an idea (Score:2)
Heck, get VA to cough up an Alpha for the DB system, and load that puppy up to 10G of memory! It worked for Altavista...
Re:This gives me an idea (Score:1)
Re:Clogging? (Score:1)
Did Gore die and they made you king of the net ?
The internet is supposed to be free so where do you get off telling us what to use it for and what not to use it for ?
Maybe the tool can be used for useful things
And where is the line, are things like Quake, irc
Re:Huh? (Score:1)
Error and attack tolerance of complex networks (Score:1)
Also available is full text and PDF of the paper.
Re:Rampant anti-government delusional paranoia (Score:1)
You might be able to fire him, but I am a South African living in London, UK. What am I supposed to do when your government, I am guessing USA, decides that they are the "Law of the Internet"? Do I get a vote on who sits in the White House, who makes the laws and who applies the law?
When will people realise that the USA/"country of choice" is not the Internet, the whole world is, even the horrible little countries you are not allowed to export encryption to.
Andrew
Very useful for people in JANET (Score:3)
Having a way to do reverse traceroutes would be invaluable for identifying the offending traffic more effectively.
Currently we can look at traceroutes for evidence of the JANET US gateways, and the ping time (anything that goes through the US gateways >70ms) all of which isn't ideal...
Re:Not for free? (Score:2)
They make the clients and run the central servers which tie the whole thing together. This is not a fully distributed Network like gnutella (thank god). So there is nothing wrong with them trying to make some money from it.
Re:Stop Nazism! (Score:1)
Re:Rampant anti-government delusional paranoia (Score:1)
This brings up the pertinent question, "why is your government paying attention?" The USA is certainly not within its rights to be intervening in your country's internal affairs. If the USA oversteps its boundaries, it is your government's prerogative to ignore it. When imperialists try to dictate terms to you, it is your obligation to resist.
When will people realise that the USA/"country of choice" is not the Internet, the whole world is, even the horrible little countries you are not allowed to export encryption to.
Complaining about the situation won't make it any better; you've got to take action if you want anyone to listen. "Political power grows out of the barrel of a gun," as Chairman Mao said - and while it's not often wise to apply this proverb literally, the saying certainly has a lot of truth to it.
Tracing DOS? (Score:3)
A serious DOS will use spoofed source addresses, rendering this use useless.
What about looking glass? (Score:5)
Check out http://nitrous.digex.net [digex.net] for more info. An invaluable tool for routing engineers.
Re:Hmmm, I'm sceptical (Score:2)
During a Denial of Service attack, certain peers can be overwhelmed, while others are passing little or no traffic. This tool will let you bounce traceroutes off of other starting points so that you can correctly verify your transit and peering operation. There is a lot of value in this tool. I can see larger ISPs paying a subscription to gain access to this type of service to help them develop their own Quality of Service with peering providers.
Hopefully they add support for IPv6 and the 6bone, as for now we're restricted to using web pages with traceroute CGI's. For more information on BGP routing, take a look at http://www.landfield.com/rfcs/rfc1771.html [landfield.com]. Have a nice day!
-Pat
Re:Hmmm, I'm sceptical (Score:1)
-Pat
Re:Hidden Dragon ? (Score:1)
Re:Hmmm, I'm sceptical (Score:1)
The idea is quite nice, but what's the actual use of this? In practice, how many times does it happen that the reverse route differs from the forward route?
Well, you obviously haven't looked at many traceroutes. Or maybe you are thinking of things within your own network. However, it is highly likely if I trace from my network to someone else's on the other side of the world the return route would be different. Therefore a tool like this is excellent for debugging network problems. It might sometimes be the case when you traceroute to someone (e.g. Exodus). The traceroute *'s out on the last few hops. If you could see things from Exodus's side you would see that there is nothing wrong with their network but that the packets are coming back through a different route and that route has problems. Without a reverse traceroute you might incorrectly presume that there is a problem with Exodus. This sort of tool is truly useful for debugging network problems.
Having said that, I have been using various Looking Glasses around the world to debug connections already and this doesn't add anything new except that it is working on a bigger scale and is easier to use.
Re:Hmmm, I'm sceptical (Score:2)
Just because a packet travelling from point A to point B passing through router C, because point A thought C was the best place to send the packet, does not mean that B will think the same thing. B may send the packet to a different router, or any of the many routers in between might make such a decision.
Of course, it doesn't really make any difference as long as the packet gets there. When this becomes significant is when you get horrible latency or speed issues when connecting to a specific site but nobody else has the same problem. The site may have plenty of bandwidth, but a router somewhere in between is sending your data to you through a clogged hole somewhere.
-Restil
QOS very important (Score:1)
Re:Clogging? (Score:1)
If you have a link that supports that number, I'd be interested in seeing. Of course, 2/3 of all statistics are made-up :).
Let's say that Traceloop does 1 million traces a day. Each one causes 30 out-going and 30 in-coming packets to be sent. That's a total of 60M packets per day, or 700 per second, which is a drop in the bucket. Even if you go up to 1 billion traces, it's still insignificant to the Internet as a whole.
YHBT. YHL. HAND. (Score:1)
Re:This gives me an idea (Score:2)
they describe their hardware in the faq [slashdot.org]. however, as i recall from attending a talk hemos gave a few weeks back at wpi [wpi.edu], those stats are all out of date. i think the ram in those boxen has doubled since the last update to the description, and is about to do so again.
Re:Huh? (Score:1)
Re:not found? (Score:1)
..and once we get to the third or fourth patch, you'll see things will start to get working.
huraY!
Dave
Re:This gives me an idea (Score:3)
Given the amount of crap the
Re:This could be dangerous (Score:3)
We will endeavour to make this clearer on the web site in the future. Go ahead and grab it if you like.
Re:Well the idea is not new, I read that before (Score:1)
kashani
Nature study not the full story (Score:1)
Fortunately your average attacker could only kill one larger router/access point at a time. Even the last DDOS was only beating on Yahoo, ebay, etc individually IIRC. Not to mention that network infrastructure is quite a bit harder to take down than a web cluster.
kashani
Re:This gives me an idea (Score:1)
--------
Re:Clogging? (Score:1)
Re:This gives me an idea (Score:1)
Which means that Shoeboy simply added slashdot.org to his local hosts file, mapped it to his own machine, and ran tracert.
Not a bad troll, though.
Re:not found? (Score:1)
reverse traceroute vs. embedded locator chips (Score:1)
It strikes me as strange that the people who got worked up over locator/id chips being embedded in consumer products, are not getting worked up over this.
Yes reverse traceroute is more indirect, but both are ways to locate the general whereabouts of the individual.
The question is where do we draw the line?
Frank Fletcher.
...or use HEP, which requires no sign up (Score:1)
It works really well.
Re: (Score:1)
Re:Tracing DOS? (Score:1)
Re:This gives me an idea (Score:1)
Re:Huh? (Score:2)
It's used for a lot more than that. It is a required protocol, all IP stacks must support it. If they don't, they aren't IP stacks, they're some proprietary thing that is similar to IP.