The idea behind 0trace is to run a traceroute over an already established session. It is meant to bypass firewalls that perform stateful inspection. This is a good idea, as it lets you learn what is behind the firewall. On the other hand, an IDS might consider the TTL change an evasion attempt.
The first version by Michal Zalewski was discussed here. You now have Jagger's improved version.
The example in the mailing list is quite straightforward.
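
The IDS-side view of the TTL change mentioned above, as an added example that is not part of the original post or of 0trace: it flags a flow whose sender TTL drops below its usual value and then climbs one hop at a time. The packet records, the `find_ttl_ramps` and `longest_ramp` names and the `min_steps` threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (src, sport, dst, dport, ttl) as observed at a sensor.
PACKETS = (
    [("192.0.2.10", 40000, "198.51.100.5", 80, 57)] * 5                     # normal traffic
    + [("192.0.2.10", 40000, "198.51.100.5", 80, t) for t in (1, 2, 3, 4)]  # TTL ramp
    + [("192.0.2.10", 40000, "198.51.100.5", 80, 57)] * 2
    + [("203.0.113.7", 51000, "198.51.100.5", 443, 121)] * 6                # steady flow
    + [("203.0.113.9", 52000, "198.51.100.5", 443, t) for t in (64, 64, 63, 64, 64)]
)

def longest_ramp(ttls):
    """Length of the longest run in which each TTL is exactly previous + 1."""
    best = run = 1 if ttls else 0
    for prev, cur in zip(ttls, ttls[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_ttl_ramps(packets, min_steps=3):
    """Return {flow: details} for one-directional flows showing a TTL ramp.

    Assumption: the most common TTL in a flow is the sender's normal value,
    which holds when regular traffic outnumbers the low-TTL packets.
    """
    per_flow = defaultdict(list)
    for src, sport, dst, dport, ttl in packets:
        per_flow[(src, sport, dst, dport)].append(ttl)

    alerts = {}
    for flow, ttls in per_flow.items():
        baseline = Counter(ttls).most_common(1)[0][0]
        low = [t for t in ttls if t < baseline]   # packets below the usual TTL
        if longest_ramp(low) >= min_steps:        # a single dip is not a ramp
            alerts[flow] = {"baseline": baseline, "low_ttls": low}
    return alerts

if __name__ == "__main__":
    for flow, info in find_ttl_ramps(PACKETS).items():
        print(flow, info)
```

A sensor would pair this with ICMP time-exceeded messages that quote the same TCP 4-tuple, since a one-hop TTL dip alone (the third sample flow) is ordinary route jitter.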

