From owner-freebsd-security Mon Jun 25 12:59:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id DDD4137B401 for ; Mon, 25 Jun 2001 12:59:49 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 14388 invoked from network); 25 Jun 2001 20:00:38 -0000 Received: from localhost.nexgen.com (HELO book) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 25 Jun 2001 20:00:38 -0000 Message-ID: <01ec01c0fdb1$6c9cada0$9865fea9@book> From: "alexus" To: "Peter Pentchev" , "Simon Rakovec" Cc: References: <006a01c0fb6b$2d64d830$9865fea9@book> <3B36267B.5B5FDBE@inforta.com> <20010625093731.A934@ringworld.oblivion.bg> Subject: Re: disable traceroute to my host Date: Mon, 25 Jun 2001 16:00:03 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i agree this is not a solution.. looks like tty=1 is best solution so far thanks though ----- Original Message ----- From: "Peter Pentchev" To: "Simon Rakovec" Cc: Sent: Monday, June 25, 2001 2:37 AM Subject: Re: disable traceroute to my host > On Sun, Jun 24, 2001 at 07:42:19PM +0200, Simon Rakovec wrote: > > Try this: > > > > ipfw add deny udp from any 32769-65535 to 33434-33523 > > As Karsten noted in a followup, this is not proper network practice. > There might be a LOT of things listening on those UDP ports, including > ephemeral outgoing UDP connections. > > As many other people noted, this does not stop Windows traceroute, > which goes via ICMP. > > As the traceroute(8) manpage notes, this does not stop people who > know how to use the traceroute '-p port' option to select a starting > port != 32768. > > As Dag-Erling Smoerdgrav noted, in general it is impossible to disable > a person determined to traceroute you, and in practice, there is > no need to. > > G'luck, > Peter > > PS. How was that now... one source: plagiarism, two sources: comparative > study, three sources: an academic thesis.. I did even better than that! ;) > > -- > Thit sentence is not self-referential because "thit" is not a word. > > > alexus wrote: > > > > > > is it possible to disable using ipfw so people won't be able to traceroute > > > me? > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message