Hacker News new | past | comments | ask | show | jobs | submit login
Star Wars Traceroute - How I did it (beaglenetworks.net)
216 points by sebkomianos on Feb 9, 2013 | hide | past | favorite | 21 comments

Holy center aligned code batman. Nice work though, wish I had been that adventurous during the snow storm :)

I wonder what a programming language would look like if it were intended to be viewed center-aligned. That might be a fun snowstorm/CNY project for any language geeks out there.

Edit: for those of you confused by the red envelopes and fire crackers, happy Lunar New Year (CNY).

Center aligned is too easy: http://www.ioccc.org/1987/westley.c (sorry, couldn't resist)

They should have a new qualification - CCIE FG - (CCIE fun and games!).

I have seen a few highly qualified networking people do some funny things, but, this has got to be the best by far!

The upstreams had a valid route back to it, it just didnt have a valid forward route - and thank goodness because the traceroute boxes got ddosed into oblivion. This was a trick which ONLY used 1 ip address and some borrowed PTRs. I could have used used space too, but the customers mail probably would have stopped working. The source of the IP block is an ISP that gets a /20 at a time. Its a fact of life that unused blocks do sit around.

The sad aftermath of the story: http://beaglenetworks.net/post/42828595476/what-i-learned-fr...

Somebody apparently found it necessary to DDOS this harmless internet curiosity so it does not exist anymore. A reminder that people can be wonderful, and people can be just evil, I guess.

Nice example of PHP being put to use on the console.

Video of Star Wars Traceroute: http://www.youtube.com/watch?v=nPJELwSV1P0

that's really interesting. i have a non-ccie question, though:

if it's sending packets on a dance through a virtual network, why does that have to use public addresses? would using a private network (eg not have worked? why not? (and is it odd for people to still have unused /24 lying around?)

Main reason: You need to have reverse DNS that resolves each IP address to the appropriate Star Wars line. You don't have control over the reverse DNS for IP space you don't own (such as Without the reverse DNS you'd just see IP addresses in the traceroute output, and no "It.is.a.period.of.civil.war."

Secondary reason: To prevent IP address spoofing, many routers have "reverse path filtering," which drops packets with source IP addresses that shouldn't be coming from the interface they're coming from. This would put a stop to the ICMP TTL exceeded messages and you'd just see stars in the traceroute output.

There is a surprising amount of unused IP address space out there, which can happen when, for example, an organization has a large allocation and they're not using all of it. This is kind of unfortunate but there's not really a practical way to take small amounts of unused address space and make use of it elsewhere on the Internet.

Because you're sending udp packets to each hop, if it were a private network there would be no route to it.

But the packets aren't addressed to the intermediate routers. All of the packets are addressed to the endpoint, with a TTL value too low to make it there. The intermediate routers just reply with an ICMP Time Exceeded packet.

The real problem is that an ICMP Time Exceeded packet coming from behind NAT would presumably either be blocked by the NAT or else have its address changed to the routable public interface of the NAT device. If the packets are dropped, that would obviously be a problem. If the IP address were changed to that of the NAT box, then all of the reverse DNS lookups would have the same result.

By the way, some traceroute implementations use ICMP Echo Request packets instead of UDP.

Edit: punctuation

Oh right, yes, that's correct. It's the destination address that counts. EDIT: @0x0 yes of course the DNS too.

But you don't really need a route TO it? Would it technically work to start sending replies back with private IP addresses in the middle of the traceroute? Or do most ISPs filter those even in the replies?

Edit: By the way, that wouldn't have worked for this hack anyways, since you wouldn't be able to control reverse DNS for the private IP addresses.

I love the Rasmusesque PHP zen. "Hi. I am dumb. I don't write good programs, I write programs that work."

Reminds me of Colombo.


From the originator of PHP: http://en.wikiquote.org/wiki/Rasmus_Lerdorf

Rasmus is the creator of PHP. But yeah, Rasmusesque?

Rasmus always claimed that he wasn't concerned with beautiful programming that followed a common design pattern or methodology, rather he liked to get things done and so much of PHP is designed in that way.

There is an old proverb for this approach: penny wise, pound foolish.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact