PDA

View Full Version : Backtracing Capabilities in Software Firewalls

I_lack_commonsense
May 17th, 2003, 09:14 PM
Is the backtracing feature in software firewalls effective, say if someone was using a proxy?

Ive read in an article that by examining the TTL field in an IP header you can at least tell how many hops this packet has traveled. Though the author also mentioned that this is no longer very effective either.

Thanks again
JacK
May 18th, 2003, 04:36 AM
-{ Quote: " quoting: I_lack_commonsense link=board=23;threadid=9323;start=0#61048 date=1053220470]
Is the backtracing feature in software firewalls effective, say if someone was using a proxy?

Ive read in an article that by examining the TTL field in an IP header you can at least tell how many hops this packet has traveled. Though the author also mentioned that this is no longer very effective either.

Thanks again
" }-

Hello,

I should not recommend using this kind of tool : if it's really an attack nobody is stupid enough to do it with is real IP.

I it's just a probe to find weak machines the only result is that the scriptkiddie now knows for sure there is someone at your address ;)

Better to use online tool like VisualRoute Demo from their site : the potential attacker will not see it's coming from you IP ;)

Rgds,
Patrice
May 18th, 2003, 06:23 AM
Hi JacK,

is VisualRoute similar to NeoTrace Pro? It looks quite the same. Any knowledge about that?

Regards,

Patrice
I_lack_commonsense
May 18th, 2003, 12:14 PM
I was wondering because when people get something in their firewall log or get an alert that they are being port scanned or pinged (numerous amounts of time), the first instinct is to usually check the log and the IP of the intruder. But as Jack mentioned, a lot of people today aren't going to conduct an attack from their own IP. So how effective are logs and the backtracing feature in firewalls? Are they only effective in telling the user of the origin of the last packet destination? Or are they effective enough to offer as proof to an ISP if someone is in violation of their ISP's TOS?

Thank you again
controler
May 18th, 2003, 01:47 PM
Thanks for the info on VisualRoute Demo
Evern though I know I shouldn't be using the back trace funtion in Sygate, I still do. ooppssss.
I will give Visual Route a try

con