Backtracing Capabilities in Software Firewalls

Discussion in 'other firewalls' started by I_lack_commonsense, May 17, 2003.

Thread Status:
Not open for further replies.
  1. I_lack_commonsense

    I_lack_commonsense Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    44
    Is the backtracing feature in software firewalls effective, say if someone was using a proxy?

    I've read in an article that by examining the TTL field in an IP header you can at least tell how many hops this packet has traveled. Though the author also mentioned that this is no longer very effective either.

    Thanks again
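
The TTL idea raised in the post above, as an added example that is not part of the original thread: it reads the TTL from a raw IPv4 header and estimates the hop count by assuming the sender started from a common default (32, 64, 128 or 255). The header bytes and addresses are constructed samples, and the function names are illustrative; the estimate only describes the path from whichever host emitted the packet, so behind a proxy it measures the distance to the proxy.

```python
import struct

# Assumption: the sender used one of these common default initial TTLs.
# A sender can choose any value, so the result is a hint, not evidence.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def parse_ipv4_ttl(packet: bytes) -> dict:
    """Extract source address, TTL and protocol from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    src = ".".join(str(b) for b in packet[12:16])
    return {"src": src, "ttl": packet[8], "proto": packet[9]}

def estimate_hops(observed_ttl: int) -> tuple:
    """Return (assumed initial TTL, estimated hops) for an observed TTL."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL is a single byte")
    # Smallest common default that is not below the observed value.
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def build_header(src: str, dst: str, ttl: int, proto: int = 6) -> bytes:
    """Constructed sample IPv4 header (20 bytes, checksum left at zero)."""
    to_bytes = lambda ip: bytes(int(p) for p in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0,
                       ttl, proto, 0, to_bytes(src), to_bytes(dst))

if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    samples = [
        ("192.0.2.10", 50),   # started at 64 and 14 hops away, or started at 60 and 10 hops away
        ("192.0.2.20", 113),  # consistent with a default of 128 and 15 hops
        ("192.0.2.30", 255),  # on-link sender, or a sender that sets TTL deliberately
    ]
    for src, ttl in samples:
        info = parse_ipv4_ttl(build_header(src, "198.51.100.7", ttl))
        initial, hops = estimate_hops(info["ttl"])
        print(f"{info['src']}: ttl={info['ttl']} "
              f"assumed initial={initial} estimated hops={hops}")
```
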
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    I should not recommend using this kind of tool: if it's really an attack, nobody is stupid enough to do it with his real IP.

    If it's just a probe to find weak machines, the only result is that the script kiddie now knows for sure there is someone at your address ;)

    Better to use an online tool like VisualRoute Demo from their site: the potential attacker will not see it's coming from your IP ;)

    Rgds,
     
  3. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi JacK,

    is VisualRoute similar to NeoTrace Pro? It looks quite the same. Any knowledge about that?

    Regards,

    Patrice
     
  4. I_lack_commonsense

    I_lack_commonsense Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    44
    I was wondering because when people get something in their firewall log or get an alert that they are being port scanned or pinged (numerous amounts of time), the first instinct is to usually check the log and the IP of the intruder. But as Jack mentioned, a lot of people today aren't going to conduct an attack from their own IP. So how effective are logs and the backtracing feature in firewalls? Are they only effective in telling the user of the origin of the last packet destination? Or are they effective enough to offer as proof to an ISP if someone is in violation of their ISP's TOS?

    Thank you again
     
  5. controler

    controler Guest

    Thanks for the info on VisualRoute Demo
    Even though I know I shouldn't be using the back trace function in Sygate, I still do. ooppssss.
    I will give Visual Route a try

    con
     