Backtracing Capabilities in Software Firewalls

Is the backtracing feature in software firewalls effective, say if someone was using a proxy?

Ive read in an article that by examining the TTL field in an IP header you can at least tell how many hops this packet has traveled. Though the author also mentioned that this is no longer very effective either.

Thanks again

 

Hello,

I should not recommend using this kind of tool : if it's really an attack nobody is stupid enough to do it with is real IP.

I it's just a probe to find weak machines the only result is that the scriptkiddie now knows for sure there is someone at your address

Better to use online tool like VisualRoute Demo from their site : the potential attacker will not see it's coming from you IP

Rgds,

 

Hi JacK,

is VisualRoute similar to NeoTrace Pro? It looks quite the same. Any knowledge about that?

Regards,

Patrice

 

I was wondering because when people get something in their firewall log or get an alert that they are being port scanned or pinged (numerous amounts of time), the first instinct is to usually check the log and the IP of the intruder. But as Jack mentioned, a lot of people today aren't going to conduct an attack from their own IP. So how effective are logs and the backtracing feature in firewalls? Are they only effective in telling the user of the origin of the last packet destination? Or are they effective enough to offer as proof to an ISP if someone is in violation of their ISP's TOS?

Thank you again

 

Thanks for the info on VisualRoute Demo
Evern though I know I shouldn't be using the back trace funtion in Sygate, I still do. ooppssss.
I will give Visual Route a try

con