Chapter 7 - The Fight for the Primulus Network: Yaseen vs Nathan

• Published in: Aggressive Network Self-Defense pp. 213 - 252
• Main Authors: Meer, Harron, Temmingh, Roelof
• Format: Book Chapter
• Language: English
• Published: Syngress 2005
• ISBN: 1931836205; 9781931836203
• DOI: 10.1016/B978-193183620-3/50012-9

This chapter is about two fictional characters—Yaseen and Nathan. Although the characters and events are entirely fictional, the story presented by the chapter is based on real-world technology and methodologies. The two characters face each other in the struggle to penetrate/secure Primulus—an energy research facility. Their encounters are as close as one will ever get to a realistic dogfight in cyberspace. One of the tools used in the story is traceroute. It uses ICMP and the time-to-live (TTL) field in the IP header. The TTL field is an 8-bit field that the sender initializes to some value. Each router that handles the datagram is required to decrement the TTL by either one or the number of seconds that the router holds on to the datagram. Because most routers hold a datagram for less than a second, the TTL field effectively has become a hop counter, decremented by one by each router. It sends an IP datagram with a TTL of 1 to the destination host. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back the ICMP time exceeded. This identifies the first router in the path. Traceroute then sends a datagram with a TTL of 2, and one finds the IP address of the second router. This continues until the datagram reaches the destination host.