Le ven 23/07/2004 à 22:09, David Cary Hart a écrit : > I must ask a dumb question. Why would one want to mangle TTL or filter > on TTL? Traffic linearization. As you may know, examine TTL field on an IP packet can provide information on the host that has generated it. As an example, you can use it to fingerprint the OS. So, fixing a common TTL value for all packets that are coming from your network to the outside can be done for such a purpose. On the other way, playing with TTL for packets you send can provide information on target architecture, typically using traceroute methods. Fixing a given TTL or raising it by a common value at choosen points within your network can defeat theses technics. But one always have to remember that playing with TTL can be highly harmful for your network, and the other's. So it has to be done _very_ carefully. Moreover, there's a lot more to do regarding filtering before even consider playing with TTL :) -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
