From owner-freebsd-security Thu Jan 20 10: 4:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from toaster.sun4c.net (toaster.sun4c.net [63.193.27.6]) by hub.freebsd.org (Postfix) with ESMTP id 7EF8F15248 for ; Thu, 20 Jan 2000 10:04:03 -0800 (PST) (envelope-from andre@toaster.sun4c.net) Received: (from andre@localhost) by toaster.sun4c.net (8.9.3+openldap/8.9.3) id KAA27461; Thu, 20 Jan 2000 10:06:51 -0800 (PST) Date: Thu, 20 Jan 2000 10:06:51 -0800 From: Andre Gironda To: matt Cc: FreeBSD-SECURITY Subject: Re: legit udp ports for traceroute Message-ID: <20000120100650.A27441@toaster.sun4c.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: ; from matt on Thu, Jan 20, 2000 at 12:43:36PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matt, I'm pretty sure it's >30000. only open up icmp type codes 0 and 11 (i think traceroute needs those as well), and those really high udp ports. actually i think traceroute is ports 33434 >< 33465, but there are a few different traceroute programs/versions out there, you might want to check the source and see what they all use. dre On Thu, Jan 20, 2000 at 12:43:36PM -0500, matt wrote: > > Sorry if this is off-topic, but I'm wondering what range of udp ports is > used by legitimate traceroutes? I generally deny udp, but would like to > open up enough so that traceroutes could go through to a certain machine. > > thanks, > > -Matt > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- This program has been brought to you by the language C and the number F. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message