From: sthaug@nethelp.no
To: dhw@whistle.com
Cc: achilov@granch.ru, Egon.Rath@lsr-ooe.gv.at, freebsd-security@FreeBSD.ORG
Subject: Re: AW: deny incoming icmp
In-Reply-To: Your message of "Thu, 17 Aug 2000 07:14:30 -0700 (PDT)"
References: <200008171414.HAA02662@pau-amma.whistle.com>
Date: Thu, 17 Aug 2000 16:50:13 +0200
Message-ID: <57904.966523813@verdi.nethelp.no>

> >Traceroute uses ICMP types 0 (Echo Reply), 8 (Echo request) and 11 (TTL
> >expired) to determine the route to the host.
>
> That didn't seem quite right to me, so I looked (in
> /usr/src/contrib/traceroute/traceroute.c); there is a rather large
> comment block near the beginning of the file tagged
>
>  *  -- Van Jacobson (van@ee.lbl.gov)
>  *     Tue Dec 20 03:50:13 PST 1988
>
> that explains how & why the program uses high-numbered UDP datagrams for
> the probes.  It does rely on ICMP (time exceeded; ICMP type 11) for
> receiving notification from a router, though.

The Microsoft implementation of traceroute uses ICMP instead of UDP
though...

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
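Added example, not part of the original message: a small Python classifier for the ICMP messages discussed in this thread. It inspects the datagram quoted inside an ICMP error to tell a UDP-style traceroute probe from an ICMP-echo-style one, which is what a "deny incoming icmp" policy has to account for. The base port 33434, the function names and all sample packets are assumptions constructed for illustration; type 3 (unreachable) is included because a UDP-style trace ends with a port-unreachable from the target.

```python
import socket
import struct

# Usual default first port of UDP traceroute; an assumption, the thread only says "high-numbered".
TRACEROUTE_BASE_PORT = 33434

def classify_icmp(icmp: bytes) -> str:
    """Classify one ICMP message (bytes starting at the ICMP header)."""
    if len(icmp) < 8:
        return "truncated"
    icmp_type = icmp[0]
    if icmp_type in (0, 8):
        return "echo-reply" if icmp_type == 0 else "echo-request"
    if icmp_type not in (3, 11):
        return "other"
    # ICMP errors quote the offending IPv4 header plus at least 8 bytes of its payload.
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4 if inner else 0
    l4 = inner[ihl:ihl + 8]
    if ihl < 20 or len(l4) < 8:
        return "truncated"
    kind = "time-exceeded" if icmp_type == 11 else "unreachable"
    proto = inner[9]
    if proto == 17:  # UDP: destination port is bytes 2-3 of the quoted header
        dport = struct.unpack("!H", l4[2:4])[0]
        probe = "udp-probe" if dport >= TRACEROUTE_BASE_PORT else "udp-other"
    elif proto == 1 and l4[0] == 8:  # quoted ICMP echo request
        probe = "icmp-echo-probe"
    else:
        probe = "other-probe"
    return f"{kind}/{probe}"

def quoted_ip(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (TTL 1, documentation addresses, checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                       socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7")) + payload

def icmp_error(icmp_type: int, code: int, quoted: bytes) -> bytes:
    """Constructed ICMP error: 8-byte header (checksum 0, unused field 0) + quoted datagram."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

# Constructed samples: a UDP probe and an ICMP echo probe as a router would quote them back.
UDP_PROBE = quoted_ip(17, struct.pack("!HHHH", 40000, 33435, 8, 0))
ECHO_PROBE = quoted_ip(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    for name, msg in [("router, UDP style", icmp_error(11, 0, UDP_PROBE)),
                      ("target, UDP style", icmp_error(3, 3, UDP_PROBE)),
                      ("router, ICMP style", icmp_error(11, 0, ECHO_PROBE)),
                      ("target, ICMP style", struct.pack("!BBHHH", 0, 0, 0, 1, 1))]:
        print(f"{name:20} -> {classify_icmp(msg)}")
```

Checksums are left at zero and not verified here; a filter that blocks all inbound type 11 breaks both traceroute styles, while blocking only types 0 and 8 leaves the UDP style working.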