Append wasd command to subdomain. eg. tracerouting wwddds.trh.milek7.pl rotates 2x, moves right 3x and drops piece. After dropping traceroute without commands to get another piece.
It's just simple application running on VPS with /64 subnet assigned to it. Captures on AF_PACKET socket, filters packets with low HL and sends back ICMP responses. And it also works as as DNS server for commands and revdns lookup.
That is a very complicated magical spell, that I’m not sure I could cast on my own, but is amazing to see those pieces put together in that way. Thank you so much for sharing it.
IIRC you only need control of the one IP address, the rest is spoofed. The endpoint can report that TTL expired at any IP address it wants so it just invents extra hops between the real last hop and the endpoint.
The first time I saw traceroute art was in ~1996 by Julian Assange (prof). He had set up his system so that when inbound traceroute is detected it would spoof additional hop responses to some official bureau (federal police or similar) in pure jest.
$ traceroute -6 -m 50 hand.bb0.nl
traceroute to hand.bb0.nl (2a0e:fd45:2a0a:2::cafe), 50 hops max, 80 byte packets
...
7 MYLOC-MANAG.ear3.Amsterdam1.Level3.net (2001:1900:5:2:2:0:8:780a) 253.218 ms 251.177 ms 251.017 ms
8 2a00:a7c0:e20a:20::1 (2a00:a7c0:e20a:20::1) 250.961 ms 250.912 ms 250.870 ms
9 2a0e:fd40:1337:1::2 (2a0e:fd40:1337:1::2) 250.759 ms 250.615 ms 250.390 ms
10 speed-ix.bakker-it.eu (2001:7f8:b7::a504:4103:1) 260.648 ms 260.656 ms 256.790 ms
11 core.dro.bb.enpls.org (2a0e:fd40:1:114::1) 243.415 ms 243.390 ms 242.867 ms
12 e19-vlan1-up6.vm2.dro.bb0.nl (2a0e:fd45:2a0a:b::a) 266.776 ms 291.814 ms 291.755 ms
13 ____________36936936936936936__________________ (2a0e:fd45:2a0a:2::ca01) 291.833 ms 291.741 ms 291.643 ms
14 ____________36936936936936936__________________ (2a0e:fd45:2a0a:2::ca02) 266.123 ms 256.651 ms 249.852 ms
15 ____________369369369369369369_________________ (2a0e:fd45:2a0a:2::ca03) 261.516 ms 261.339 ms 258.174 ms
16 ___________36936936936936933693________________ (2a0e:fd45:2a0a:2::ca04) 241.054 ms 243.898 ms 243.724 ms
17 __________3693693693693693693693_______________ (2a0e:fd45:2a0a:2::ca05) 269.403 ms 254.471 ms 261.275 ms
18 _________369369369369369369369369______________ (2a0e:fd45:2a0a:2::ca06) 244.441 ms 244.373 ms 244.325 ms
19 _________3693693693693693693693699_____________ (2a0e:fd45:2a0a:2::ca07) 263.220 ms 251.262 ms 251.193 ms
20 ________3693693693693693693693699369___________ (2a0e:fd45:2a0a:2::ca08) 283.519 ms 273.903 ms 262.867 ms
21 _______36936939693693693693693693693693________ (2a0e:fd45:2a0a:2::ca09) 262.790 ms 258.498 ms 258.254 ms
22 _____3693693693693693693693693693693636936_____ (2a0e:fd45:2a0a:2::ca0a) 260.935 ms 260.744 ms 261.780 ms
23 ___36936936936936936936936936936___369369369___ (2a0e:fd45:2a0a:2::ca0b) 254.720 ms 257.055 ms 249.360 ms
24 __36936___369336936369369369369________36936___ (2a0e:fd45:2a0a:2::ca0c) 249.210 ms 244.177 ms 244.089 ms
25 _36936___36936_369369336936936_________________ (2a0e:fd45:2a0a:2::ca0d) 238.127 ms 238.067 ms 238.331 ms
26 36933___36936__36936___3693636_________________ (2a0e:fd45:2a0a:2::ca0e) 259.337 ms 256.708 ms 256.546 ms
27 693____36936__36936_____369363_________________ (2a0e:fd45:2a0a:2::ca0f) 245.896 ms 245.831 ms 247.166 ms
28 ______36936__36936______369369_________________ (2a0e:fd45:2a0a:2::ca10) 252.041 ms 252.006 ms 250.902 ms
29 _____36936___36936_______36936_________________ (2a0e:fd45:2a0a:2::ca11) 259.269 ms 259.277 ms 259.244 ms
30 _____36936___36936________36936________________ (2a0e:fd45:2a0a:2::ca12) 255.846 ms 255.080 ms 254.934 ms
31 _____36936___36936_________36936_______________ (2a0e:fd45:2a0a:2::ca13) 264.530 ms * 264.507 ms
32 ______369____36936__________369________________ (2a0e:fd45:2a0a:2::ca14) 255.705 ms 283.080 ms 282.870 ms
33 ______________369______________________________ (2a0e:fd45:2a0a:2::ca15) 257.068 ms 248.604 ms 255.563 ms
34 _______________6_______________________________ (2a0e:fd45:2a0a:2::ca16) 255.445 ms 251.531 ms 250.614 ms
35 _______________________________________________ (2a0e:fd45:2a0a:2::ca17) 249.952 ms 240.459 ms 240.802 ms
36 ___00000000000000000000000000000000000000000___ (2a0e:fd45:2a0a:2::ca18) 243.548 ms 242.710 ms 242.676 ms
37 ___0________the_traceroute_hand_is_________0___ (2a0e:fd45:2a0a:2::ca19) 260.059 ms 260.027 ms 253.016 ms
38 ___0__________stealing_your_data___________0___ (2a0e:fd45:2a0a:2::ca1a) 252.847 ms 255.637 ms 258.055 ms
39 ___0_______________________________________0___ (2a0e:fd45:2a0a:2::ca1b) 241.792 ms 241.658 ms 241.624 ms
40 ___00000000000000000000000000000000000000000___ (2a0e:fd45:2a0a:2::ca1c) 237.356 ms 238.580 ms 238.545 ms
41 _______________________________________________ (2a0e:fd45:2a0a:2::ca1d) 247.027 ms 247.011 ms 246.979 ms
42 ______________________________________enpls.org (2a0e:fd45:2a0a:2::ca1e) 258.079 ms 254.880 ms 256.042 ms
43 _______________________________________________ (2a0e:fd45:2a0a:2::ca1f) 256.001 ms 266.648 ms 257.876 ms
44 _______________________________________________ (2a0e:fd45:2a0a:2::ca20) 239.803 ms 241.085 ms 241.019 ms
45 _______________________________________________ (2a0e:fd45:2a0a:2::ca21) 278.180 ms 278.103 ms 278.055 ms
46 * _______________________________________________ (2a0e:fd45:2a0a:2::ca22) 247.076 ms 247.464 ms
47 ____________well_this_is_the_end.______________ (2a0e:fd45:2a0a:2::ca23) 247.424 ms * 244.341 ms
48 _______you_can_stop_your_traceroute_here_______ (2a0e:fd45:2a0a:2::ca24) 248.702 ms 246.836 ms 248.054 ms
49 * _______________________________________________ (2a0e:fd45:2a0a:2::ca25) 256.373 ms 255.375 ms
50 _______________________________________________ (2a0e:fd45:2a0a:2::ca26) 245.333 ms 245.198 ms 245.186 ms
And, for those who aren't living in 01996, it works in mtr too.
There's a few more about 30 more hops beyond that, but I'm not getting a clean enough scan to post it here.
It was still tracerouting at 255, bouncing around IPv6 addresses, but I didn't see anymore past that. It was 13 hops for me to get to this stuff, so maybe someone closer can see if there's a grand finale.
Ugh, I am still salty that we let NAT steal the federated internet from us. It just happened to double as the laziest possible way to throw up something that resembles a security perimeter and now that assumption is baked so deeply into multiple industries (social networks, consumer electronics, even the networking and security industries themselves) that it will take decades to back it out, if we ever do.
This post has reminded me to re-enable it in my router. I can't even remember what it was now (I think ruby bundle, or something?), but something simply would not work with it enabled, with extremely opaque errors.
Hopefully that's either been fixed or I don't use whatever it was anymore.
ISP(hinet) here made the ipv6 works in an absolutely shitty way for some reason. Make sites got 2x ~ 3x latency randomly. And it also use some absolutely insane routing to make sites barely usable. (Or even unusable) I sometimes enable ipv6 in my router to see whether the situation have been improved. But it never be (as last time I checked it last year).
https://news.ycombinator.com/item?id=13122389
https://news.ycombinator.com/item?id=5192656
The second one doesn't seem to work anymore. There is probably a nontrivial cost to maintaining something like this.