In article <>,
says...
> In article <>,
> Leythos wrote:
>
> >In article <>,
> > says...
>
> >> Other than knowing which servers to ask, what does 'VisualRoute' tell you
> >> that 'whois' doesn't? (I really don't care about intermediate hops that
> >> can't be blocked, and I know what a map looks like.)
>
> >Visual Route provides a very nice spreadsheet that lets me see every %
> >Loss, IP Address, Node Name, Location, TimeZone, ms time, a time graph,
> >and the Network owner.
>
> And this helps you exactly how? I don't know how your network is set,
> but every upstream I've worked with in the past eight years has been
> ignoring Source Routing, and that's the only control you have on where
> your packets go when routing from "here" to "there". You have no control
> at all at how packets are routed from "there" to "here". The IPs of the
> intermediate hops only become known when using a network diagnostic
> like traceroute (or clones). There is nothing in a packet that comes
> from $THERE that tells where it's been, so what do you do with the
> information you gain?
>
> I'm assuming the program uses ICMP echos with incremental TTL values like
> the Microsoft "tracert" (or the *nix "mtr" application from bitwizard).
> Given that some routers/firewalls are dropping pings, have you compared
> results using the original Unix version of traceroute (defaults to UDP)
> or the Linux TCP version??

When I do a VR I get the NOC info for every hop, that's the nice part
for me - full owner info and block. It means that I can quickly get the
info from one source while viewing everything. Sure, I know it can be
done after a tracert by doing individual looks, but that would require
more work - since I use and love VR it's just a simple click to see what
path takes me to the probing IP - the info along the path is what I'm
looking for.

> >I like the ability to click on the network owner name and get a full
> >list of IP's they own.
>
> And you can't get this from 'whois'?

Sure, as can anyone, but, as I said, it's a very nice, all inclusive,
type interface. Why would I want to take the extra steps when it's a
single click on the GUI to see it all?

[snip]

> >> >218.67.128.0-218.29.255.255
> >>
> >> I suspect that should be
> >>
> >> 218.67.128.0 - 218.69.255.255 Tianjing province network CHINANET-TJ
> >
> >Nice catch, I missed that. I will have to update it so I don't block
> >more than intended.
>
> I've no idea how a firewall would interpret the higher to lower number.
> One hopes they have a sanity check, and don't try 218.67.128.0 through
> 255.255.255.255, then wrap 0.0.0.0 to 218.29.255.255.

Yea, I think it ignored the range. I've since corrected it.

> >The thing I like most about VR is that I can see the entire hop count
> >and have a clickable item for every column/row that expands into more
> >information than having to do several lookups. When I get a probe from
> >country X, I can see the full path to them (every network) and with just
> >a few simple clicks I can see every network that the hop owns and block
> >it.
>
> I'm assuming you mean the end points. For me, many routes to the Far East
> pass through Los Angeles, San Francisco, Portland OR, Seattle, Salt Lake
> City or Denver, but blocking the IP ranges of those routers does absolutely
> nothing other than break traceroute at those hops, because their IPs never
> appear in the packets from APNIC, nor can I cause my packets to go
> elsewhere. Sending complaints to (for example) AT&T Long Lines that they
> shouldn't be carrying packets from/to $COUNTRY does no good, because I'm
> not a customer of theirs anyway.

The block list appears to block anything from the ranges I specify -
since the probe comes from a foreign host and since I can see all the
other hops and that they are foreign, it allows me to block their ranges
too. While I may not have got a probe from hop 15, if I can see that hop
15 is some place in Korea and its network block assignment, I can block
it before I get probed. It's nice to see the list (I don't use the map
function, only the spreadsheet mode).

I added 220.72.0.0/12 tonight along with 211.54.40.0/25

I don't even bother complaining to anyone outside the US, it almost
never does any good. It's easier to block their network and just not
have to deal with them. If there is no reason for anyone in country XYZ
to hit our servers I don't see any reason I should expose the network to
them.

Here's a link to their site
http://www.visualiptrace.com/index.html

--
(Remove 999 to reply to me)
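
An added example, not part of the original post and not any firewall's own code: a small Python linter for the block-list entries quoted in this thread. It rejects a range whose start is above its end (the sanity check hoped for above), converts valid ranges to CIDR, and flags CIDR entries that have bits set beyond the prefix; the names `check_entry`, `lint` and the status strings are illustrative.

```python
import ipaddress

# Entries taken from the thread above.
SAMPLE = [
    "218.67.128.0-218.29.255.255",    # the mistyped range
    "218.67.128.0 - 218.69.255.255",  # the corrected range
    "220.72.0.0/12",
    "211.54.40.0/25",
]

def check_entry(entry):
    """Validate one block-list entry, either "start-end" or CIDR.

    Returns (status, networks). status is "ok", "reversed", "host-bits"
    or "invalid"; networks lists the CIDR blocks the entry covers and is
    empty when the entry should be rejected outright.
    """
    entry = entry.strip()
    try:
        if "-" in entry:
            lo, hi = (ipaddress.IPv4Address(p.strip())
                      for p in entry.split("-", 1))
            if lo > hi:
                # Start above end: refuse rather than ignore or wrap around.
                return "reversed", []
            return "ok", list(ipaddress.summarize_address_range(lo, hi))
        try:
            # Strict parsing rejects an address with bits beyond the prefix.
            return "ok", [ipaddress.IPv4Network(entry)]
        except ValueError:
            # Re-parse leniently to show what the mask really covers.
            return "host-bits", [ipaddress.IPv4Network(entry, strict=False)]
    except ValueError:
        return "invalid", []

def lint(entries):
    """Map each entry to (status, list of CIDR strings)."""
    report = {}
    for e in entries:
        status, nets = check_entry(e)
        report[e] = (status, [str(n) for n in nets])
    return report

if __name__ == "__main__":
    for entry, (status, nets) in lint(SAMPLE).items():
        print(f"{entry:32} {status:10} {', '.join(nets) or '-'}")
```

With a /12 mask the entry 220.72.0.0/12 actually denotes 220.64.0.0/12, so whether a firewall accepts it, normalizes it or rejects it is worth checking before relying on the rule.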