From owner-freebsd-security  Tue Jun 26 14:16: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id DA72D37B401
	for <freebsd-security@FreeBSD.ORG>; Tue, 26 Jun 2001 14:15:54 -0700 (PDT)
	(envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id HAA02797;
	Wed, 27 Jun 2001 07:15:07 +1000 (EST)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37641) with ESMTP id <01K594BRFDJ4VFAJ4X@cim.alcatel.com.au>;
 Wed, 27 Jun 2001 07:14:53 +1000
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.1/8.11.1)
 id f5QLF5v92583; Wed, 27 Jun 2001 07:15:05 +1000 (EST envelope-from jeremyp)
Content-return: prohibited
Date: Wed, 27 Jun 2001 07:15:04 +1000
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: disable traceroute to my host
In-reply-to: <3181060651.20010626150813@SECURITY.NNOV.RU>; from
 3APA3A@SECURITY.NNOV.RU on Tue, Jun 26, 2001 at 03:08:13PM +0400
To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Cc: alexus <ml@db.nexgen.com>, freebsd-security@FreeBSD.ORG
Mail-Followup-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>,
	alexus <ml@db.nexgen.com>, freebsd-security@FreeBSD.ORG
Message-id: <20010627071504.P95583@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <006a01c0fb6b$2d64d830$9865fea9@book>
 <771487721300.20010623150519@SECURITY.NNOV.RU>
 <009201c0fdad$57c2af00$9865fea9@book>
 <3181060651.20010626150813@SECURITY.NNOV.RU>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:
>deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out
>
>0 - to stop windows traceroute and ping
>3 - to stop BSD-style traceroute
>11 - to prevent intermediate router to reply traceroute

Blocking ICMP type 3 will break Path-MTU discovery (which relies on
type 3 code 4).

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message