hey all, got a tricky one for yeah! let me know if this is possible! - PS - the names are fake..lol (espz.net)

It's nothing urgent, but it's always been bugging me.

Anyone who does a TRACERT to a server / computer / ip will quickly
see a clear route to it; e.g.

[list]
1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net[21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]

Trace complete.

[/list:u]


And all the espz.net stuff at the end leaves me a little queasy, as BAM - a wanna be hacker now knows the IP of that system.

the espz.net names are obviously names of the core equipment and can not be changed.


Here's what I'm wondering:


there must be some 'technology'(As opposed to using a router [which is in place] to simply end a ping or tracert - is there another way....) to make a TRACERT respond with
a somewhat (how shall I say) misleading answer. Something
which would put hackers and such off the trail.

Since there is nothing that can be done with the espz.net stuff, I'd imagine
there would be some software / utility that would give

the following as a response to the same TRACERT:

[list]

1 1 ms 1 ms 1 ms 192.168.1.1
2 3 ms 2 ms 2 ms 6*.*.*.*
3 3 ms 3 ms 3 ms 19*.*.*
4 3 ms 3 ms 3 ms jhg51-h-fcs01.espz.net [21*.*.*]
5 36 ms 322 ms 5 ms jhg52-h-fcs01.espz.net [21*.*.*]
6 4 ms 4 ms 14 ms 4*.3*.*0-21*.espz.net[21*.*.*]
7 4 ms 6 ms 4 ms 13*.*.2*-21*.espz.net [21*.*.*]
7 4 ms 6 ms 4 ms here.not.really.net. [216.*.*.*]
8 6 ms 34 ms 9 ms roses.are.red.net [216.*.*.*]
9 14 ms 22 ms 8 ms see.me.ping.net [121.222.32.555]

Trace complete.

[/list:u]



Where we can determine/set the false names and IPs of everything
after the last real address (which a server, running this
clever utility).

Hmmm

Now this is good thread ... you have jogged my memory into doing somethings ...

APK, thanx for the link

feel fre to jog your memory on here as well



And alec , info is appreciated.


With the ip thing, i know that the IP of the isp' can't be changed at all. bummer


it is more to simply throw of a potential attack as well possibly / mainly not let someone know where the system is located - as someone will not think that the say 4th IP from the last one is the actual server, and will think the "dud" address are (the last one, when in fact it is not)

i will check out that link, as it is something to start!

i had thought perhap putting a linux box with NAT and such infront of the system we want to protect

so it would be


router - linux NAT box with firewall - System to be protected.

and this way the system to be protected is on an internal 192.* IP and is not as likely to have any damage done to it , even if someone did get into the linux box somehow...........


thoughts?

dam thas alot of reading..lol *prints this page*


Well, to let you know, the server is on a static IP and is on the backbone of an ISP in their server room - so the releasinbg of the Ip is not something that will be done.

there are hundreds of people a day connect to it and it is on 24/7.

but yeah, i am off to read everything over a few times.

from the person i was looking for.





now to find a windows version!

hey m8! i love comiong on here and seeing your replies!!..lol

So full of information - this will keep my busy for the day!!