Date: Mon, 16 Jul 2001 23:05:35 -0700
From: Bruce Dang <btdang@home.com>
To: freebsd-net@FreeBSD.ORG
Subject: Re: traceroute filter.
Message-ID: <3B53D5AF.8D004696@home.com>
References: <20010717082431.N47897-100000@blade.elitsat.net>

Alex,

The last 'traceroute blocking' thread went on for a few weeks, so I think you should look into that. In addition to that, I think blocking ICMP packets, especially type 3 and 11, would allow you to traceroute. traceroute(8) works by sending UDP datagrams to destination, incrementing TTLs after every hop. If you block all ICMP packets, the intermediate routers will not be able to send back ICMP packets, which makes traceroute(8) almost useless ;(.

Bruce Dang
www.tbug.org
i wonder how long this thread will go on...

Alexander wrote:
>
> Hello.
> I was wondering if anyone knows how can I set ipfw rules to allow myself
> to traceroute anywhere but no one to be able to ping or traceroute me.
>
> I saw few examples in the ipfw tutorial on www.defcon1.org for filtering
> external pings but these examples don't allow me to traceroute somewhere.
>
> thanks.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B53D5AF.8D004696>
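
Added example, not part of the original message or of the ipfw project: a small first-match evaluator that runs a constructed ipfw-style ruleset against the packets involved in UDP traceroute, showing which ICMP types have to come back in for an outbound trace to work while inbound pings and probes are dropped. The rule lines, the 33434-33534 port range, the addresses and the helper names (`parse`, `matches`, `verdict`) are assumptions of this example.

```python
import re
# Constructed ipfw(8) rule-file lines (an assumption of this example, not from the
# thread). 33434-33534 is the conventional traceroute(8) UDP probe port range.
RULES = """\
add 100 allow udp from me to any 33434-33534 out
add 110 allow icmp from any to me in icmptypes 3,11
add 120 deny icmp from any to me in icmptypes 8
add 130 deny udp from any to me 33434-33534 in
add 65000 deny ip from any to any
"""

# Parses only the small subset of ipfw syntax used in RULES.
RULE_RE = re.compile(
    r"add (?P<num>\d+) (?P<action>allow|deny) (?P<proto>\w+) from (?P<src>\S+)"
    r" to (?P<dst>\S+)(?: (?P<ports>\d+-\d+))?(?: (?P<dir>in|out))?"
    r"(?: icmptypes (?P<types>[\d,]+))?$")

def parse(text):
    return [RULE_RE.match(line).groupdict() for line in text.splitlines()]

def matches(rule, pkt, me):
    if rule["ports"]:  # destination port range, only meaningful for UDP here
        lo, hi = map(int, rule["ports"].split("-"))
        if not lo <= pkt.get("dport", -1) <= hi:
            return False
    return (rule["proto"] in ("ip", pkt["proto"])
            and (rule["src"] != "me" or pkt["src"] == me)
            and (rule["dst"] != "me" or pkt["dst"] == me)
            and rule["dir"] in (None, pkt["dir"])
            and (not rule["types"] or str(pkt.get("icmptype")) in rule["types"].split(",")))

def verdict(pkt, rules, me="192.0.2.10"):
    """First matching rule wins, as in ipfw; returns (rule number, action)."""
    for rule in rules:
        if matches(rule, pkt, me):
            return int(rule["num"]), rule["action"]
    return None, "deny"

ME, HOP, DEST = "192.0.2.10", "203.0.113.1", "198.51.100.7"  # constructed addresses
PACKETS = {  # constructed sample packets
    "my UDP probe out":      dict(proto="udp", src=ME, dst=DEST, dir="out", dport=33435),
    "time exceeded in (11)": dict(proto="icmp", src=HOP, dst=ME, dir="in", icmptype=11),
    "port unreach in (3)":   dict(proto="icmp", src=DEST, dst=ME, dir="in", icmptype=3),
    "echo request in (8)":   dict(proto="icmp", src=DEST, dst=ME, dir="in", icmptype=8),
    "their UDP probe in":    dict(proto="udp", src=DEST, dst=ME, dir="in", dport=33434),
}
if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:24} -> {verdict(pkt, parse(RULES))}")
```

Deleting rule 110 from `RULES` sends the inbound type 11 and type 3 replies to the final deny, which is the "block all ICMP" case where the outbound trace shows no hops. The model covers UDP and ICMP echo probes only; TCP-based probes would need their own rule.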