0trace : A Tool to Trace Behind The Firewall

Michal Zalewski has just released a new security tool called 0trace. Here is a brief description about it :

This tool enables the user to perform hop enumeration (“traceroute”) within an established TCP connection, such as a HTTP or SMTP session.

This is opposed to sending stray packets, as traceroute-type tools usually do.

Here is the benefit of using the mechanism applied by 0trace “such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table)”.

But it also has limitations. According to the announcement information, the tool will not produce interesting results in the following situations:

  • Target’s firewall drops all outgoing ICMP messages,
  • Target’s firewall does TTL or full-packet rewriting,
  • There’s an application layer proxy / load balancer in the way (Akamai, in-house LBs, etc),
  • There’s no notable layer 3 infrastructure behind the firewall.

You can get more information about this from LWN article.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s