Reverse Traceroute
Rolf Winter
rolf.winter at hs-augsburg.de
Mon Feb 27 08:13:41 UTC 2023
Am 27.02.23 um 01:35 schrieb Grant Taylor via NANOG:
> On 2/25/23 3:09 AM, Tore Anderson wrote:
>> I suggest you get in touch with the fine folks at NLNOG RING and ask it
>> they would be interested in setting this up on the 600+ RING nodes all
>> over the world. See https://ring.nlnog.net/.
>
> Similarly you might reach out to RIPE and inquire if they are interested
> in adding this functionality to their Atlas Probes et al.
>
>
>
RIPE Atlas is a bit "different" in that you need credits to trigger
something on Atlas. And Atlas already implements traceroute, incl. Paris
Traceroute. That means, in fact (if you have credits) you can already
reverse traceroute from an Atlas Probe to yourself (and other places on
the internet).
But, you are raising in interesting point, which we have thought about
but dismissed. But feedback from the operational community on this would
be valuable. Our reverse traceroute currently restricts the server to
trace back to the issuing client. We did this for security reasons. The
question was "why should anybody on the internet be able to do a
traceroute from my server to a destination of choice?". Lifting this
restriction would allow a functionality similar to
"https://downforeveryoneorjustme.com/". But, somebody might use your
server for this. How do people feel about this? Restrict the reverse
traceroute operation to be done back to the source or allow it more
freely to go anywhere?
Best,
Rolf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4757 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230227/6ac5299b/attachment.bin>
More information about the NANOG
mailing list