PoempelFox Blog


Sun, 03. Mar 2013


Fake traceroute
Created: 03.03.2013 20:38
About a month ago, the Star Wars Traceroute circled the Internet. I found it quite amusing - and thought that I could improve on that idea.
My first experiments to generate something similar with stock Linux kernel tools (like ip6tables and different routing tables) were pretty unsuccessful - something was always missing to make it work properly. There is also a Perl utility called countertrace which does something similar, but it did not have all the features I wanted and AFAIK does not support IPv6. So in the end I simply coded a small program that listens on a network interface and sends hand-generated packets back to fake the hops in the traceroute. This actually made some things a lot easier to implement: the trace can contain hops that depend on the current time or on the temperature. This would have required constantly changing the rules if I had done it with stock kernel tools, but the way it's implemented now, the program just has to adapt the (fake) IP in the reply. Another nice feature that was easier to implement is that you can set the delay for every hop - so you can properly fake e.g. the delay a transatlantic hop causes.
You can see all this in action by doing an IPv6 traceroute to target.fauad.de (2001:470:1f0b:1d0f:23::ff). I do not think it's a good idea to use completely bogus hostnames, possibly hitting domains belonging to someone else in one of the 10 trillion new TLDs, which is why all my hops have an added .fauad.de; and I do not think it's a good idea to use overly long quotes from movies for copyright reasons, so in this respect, my traceroute is less cool. But it allows you to get the current time and temperature in Germany, which is the killer feature you always wanted, isn't it?
So here is what the traceroute currently looks like (at half past 8 on the 3rd of March 2013, with a temperature of about -3 degrees outside):

# traceroute -6 -m 100 target.fauad.de
traceroute to target.fauad.de (2001:470:1f0b:1d0f:23::ff), 100 hops max, 40 byte packets using UDP
[...]
 8  tserv1.fra1.he.net (2001:470:0:69::2)  17.614 ms  17.032 ms  18.992 ms
 9  you.have.reached.germany.fauad.de (2001:470:1f0b:1d0f:23::1)  21.104 ms  22.468 ms  19.845 ms
10  local.time.is.20.32.fauad.de (2001:470:1f0b:1d0f:1:2032:0:1)  20.834 ms  19.981 ms  20.121 ms
11  and.the.current.temperature.in.Erlangen.fauad.de (2001:470:1f0b:1d0f:23::3)  19.884 ms  19.846 ms  20.476 ms
12  is.minus-2.95.degrees.celsius.fauad.de (2001:470:1f0b:1d0f:2::5705)  20.202 ms  19.860 ms  20.234 ms
13  im.not.crazy.fauad.de (2001:470:1f0b:1d0f:23::5)  20.094 ms  19.909 ms  19.820 ms
14  my.mother.had.me.tested.fauad.de (2001:470:1f0b:1d0f:23::6)  20.458 ms  19.768 ms  19.680 ms
15  and.at.least.im.not.wasting.ipv4.for.this.fauad.de (2001:470:1f0b:1d0f:23::7)  20.651 ms  20.708 ms  20.127 ms
16  Oo.oO---------------------------------Oo.oOo.fauad.de (2001:470:1f0b:1d0f:23::20)  20.340 ms  19.857 ms  20.024 ms
17  so.lets.see.where.this.is.going.fauad.de (2001:470:1f0b:1d0f:23::8)  20.141 ms  20.004 ms  19.817 ms
18  40ge-7-3.fra1.de.fauad.de (2001:470:1f0b:1d0f:23::9)  20.382 ms  20.890 ms  20.202 ms
19  invasive.pat.down.tsa.security.theater.us.fauad.de (2001:470:1f0b:1d0f:23::a)  99.836 ms  98.758 ms  98.147 ms
20  no.such.agency.spycorps23241.us.fauad.de (2001:470:1f0b:1d0f:23::b)  110.627 ms  110.739 ms  110.602 ms
21  40ge-1-2.ny1.us.fauad.de (2001:470:1f0b:1d0f:23::c)  112.935 ms  111.858 ms  111.163 ms
22  no.such.agency.spycorps812424.us.fauad.de (2001:470:1f0b:1d0f:23::d)  119.413 ms  118.728 ms  117.650 ms
23  28kbit-3-2.funafuti1.tv.fauad.de (2001:470:1f0b:1d0f:23::e)  206.467 ms  205.527 ms  204.449 ms
24  10ge-4-1.beijing.cn.fauad.de (2001:470:1f0b:1d0f:23::f)  232.709 ms  232.126 ms  231.047 ms
25  40ge-5-9.erl1.de.fauad.de (2001:470:1f0b:1d0f:23::10)  290.281 ms  299.625 ms  298.543 ms
26  it.seems.this.was.the.shortest.path.fauad.de (2001:470:1f0b:1d0f:23::11)  297.446 ms  296.811 ms  295.727 ms
27  Oo.oO---------------------------------Oo.oOo.fauad.de (2001:470:1f0b:1d0f:23::20)  291.313 ms  290.374 ms  299.368 ms
28  our.whole.universe.was.in.a.hot.dense.state.fauad.de (2001:470:1f0b:1d0f:23::12)  298.633 ms  297.558 ms  296.479 ms
29  then.nearly.fourteen.billion.years.ago.fauad.de (2001:470:1f0b:1d0f:23::13)  299.223 ms  298.138 ms  297.057 ms
30  expansion.started.WAIT111.fauad.de (2001:470:1f0b:1d0f:23::14)  299.245 ms  298.163 ms  297.076 ms
31  im.afraid.this.will.have.to.stop.here.fauad.de (2001:470:1f0b:1d0f:23::15)  292.238 ms  291.157 ms  299.893 ms
32  to.avoid.nasty.copyright.infringement.letters.fauad.de (2001:470:1f0b:1d0f:23::16)  298.907 ms  297.829 ms  296.745 ms
33  so.thats.it.for.now.fauad.de (2001:470:1f0b:1d0f:23::fd)  289.845 ms  299.042 ms  297.962 ms
34  ill.be.back.fauad.de (2001:470:1f0b:1d0f:23::fe)  296.882 ms  295.801 ms  294.715 ms
35  you.have.reached.your.destination.fauad.de (2001:470:1f0b:1d0f:23::ff)  299.357 ms  298.276 ms  297.195 ms

I'll probably release the source code of this in a few weeks when I'm done playing with it.
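Added example (not part of the original post, and not the program it describes): a small Python check that reads traceroute output like the one above and reports which intermediate hops have source addresses inside the destination's own prefix, and how much latency appears only inside that prefix. The sample lines are a subset copied from the output above; the /48 prefix length and the function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Six hop lines copied from the traceroute output in the post (abridged).
SAMPLE = """\
 8  tserv1.fra1.he.net (2001:470:0:69::2)  17.614 ms  17.032 ms  18.992 ms
 9  you.have.reached.germany.fauad.de (2001:470:1f0b:1d0f:23::1)  21.104 ms  22.468 ms  19.845 ms
10  local.time.is.20.32.fauad.de (2001:470:1f0b:1d0f:1:2032:0:1)  20.834 ms  19.981 ms  20.121 ms
18  40ge-7-3.fra1.de.fauad.de (2001:470:1f0b:1d0f:23::9)  20.382 ms  20.890 ms  20.202 ms
19  invasive.pat.down.tsa.security.theater.us.fauad.de (2001:470:1f0b:1d0f:23::a)  99.836 ms  98.758 ms  98.147 ms
35  you.have.reached.your.destination.fauad.de (2001:470:1f0b:1d0f:23::ff)  299.357 ms  298.276 ms  297.195 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([0-9a-fA-F:]+)\)(.*)$")

def parse_hops(text):
    """Return (ttl, name, IPv6Address, best_rtt_ms) for each parsable hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(4))] if m else []
        if rtts:  # skips '* * *', elided and otherwise unparsable lines
            hops.append((int(m.group(1)), m.group(2),
                         ipaddress.IPv6Address(m.group(3)), min(rtts)))
    return hops

def hops_inside_destination_prefix(hops, prefix_len=48):
    """TTLs of intermediate hops whose source address lies in the destination's prefix.

    Such hops sit behind the last provider router, so a single host that
    answers for the whole prefix can produce all of them (heuristic).
    """
    net = ipaddress.ip_network(f"{hops[-1][2]}/{prefix_len}", strict=False)
    return [ttl for ttl, _, addr, _ in hops[:-1] if addr in net]

def latency_added_inside_prefix(hops, prefix_len=48):
    """Best-RTT difference (ms) between the first in-prefix hop and the destination."""
    inside = set(hops_inside_destination_prefix(hops, prefix_len))
    first = next((h for h in hops if h[0] in inside), hops[-1])
    return hops[-1][3] - first[3]

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print("hops inside destination /48:", hops_inside_destination_prefix(hops))
    print("latency added inside that /48: %.3f ms" % latency_added_inside_prefix(hops))
```

Hop names and addresses in traceroute output are only what the replying side chose to send, so a long run of hops inside the target's own prefix with large RTT jumps is a reason not to treat the path as real topology.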
4 comments
Hi,
I have a (maybe very silly) question.
Why does your traceroute show your /48 HE-Net IP after tserv1.fra1.he.net and not the HE "Client IPv6 Address"?

btw: it would be great if you would publish the source
meinname 16.03.2013 01:39

Remember that everything you see is completely fake. Of course the next real hop after the HE tunnel server is the client IPv6 address, but there is no reason for you to see it: Your traceroute packets are addressed to an IP in the /48, and it is an IP the machine does not have configured on a kernel level, so the kernel will not send a reply on its own.
PoempelFox 16.03.2013 23:49

Ahh, thanks for the explanation.
meinname 17.03.2013 00:35

Hi,
do you still plan to release the source code?
meinname 07.06.2013 17:46
