Date: 24 Nov 2000 12:52:14 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Nevermind <never@nevermind.kiev.ua> Cc: Vlad <tmd@tmd.df.ru>, security@FreeBSD.ORG Subject: Re: ipf - icmp Message-ID: <xzpvgtdsi35.fsf@flood.ping.uio.no> In-Reply-To: Nevermind's message of "Fri, 24 Nov 2000 13:42:19 %2B0200" References: <Pine.BSF.4.21.0011231431360.18361-100000@tmd.df.ru> <xzp66ldtz6k.fsf@flood.ping.uio.no> <20001124134218.A17181@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Nevermind <never@nevermind.kiev.ua> writes: > > No. There is no way to completely prevent someone from tracerouting > > you. You can make it slightly harder by blocking incoming UDP (which > > your ruleset does not), but that's about it. > Why not to use ipfw? > ipfw add deny icmp from any to any via sis0 This still won't prevent traceroutes. The only 100% foolproof way to prevent anyone from tracerouting your machine is to take it off the net. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpvgtdsi35.fsf>