From owner-freebsd-security  Wed Jun 27  8:15:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns2.sysadmin-inc.com (ns2.sysadmin-inc.com [209.16.228.145])
	by hub.freebsd.org (Postfix) with SMTP id F343E37B405
	for <freebsd-security@freebsd.org>; Wed, 27 Jun 2001 08:15:11 -0700 (PDT)
	(envelope-from peter@sysadmin-inc.com)
Received: (qmail 75992 invoked by alias); 27 Jun 2001 15:15:11 -0000
Received: from unknown (HELO 98wkst) (10.10.1.70)
  by ns2.sysadmin-inc.com with SMTP; 27 Jun 2001 15:15:11 -0000
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: "Peter Jeremy" <peter.jeremy@alcatel.com.au>
Cc: <freebsd-security@freebsd.org>
Subject: RE: disable traceroute to my host
Date: Wed, 27 Jun 2001 11:14:26 -0400
Message-ID: <NFBBKAEAALGGGFKINBLAMEFMCAAA.peter@sysadmin-inc.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20010627071504.P95583@gsmx07.alcatel.com.au>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Peter,

What is a good document to get more info on ICMP types?

Thanks.

Peter Brezny
SysAdmin Services Inc. 

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Jeremy
Sent: Tuesday, June 26, 2001 5:15 PM
To: 3APA3A
Cc: alexus; freebsd-security@FreeBSD.ORG
Subject: Re: disable traceroute to my host


On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:
>deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out
>
>0 - to stop windows traceroute and ping
>3 - to stop BSD-style traceroute
>11 - to prevent intermediate router to reply traceroute

Blocking ICMP type 3 will break Path-MTU discovery (which relies on
type 3 code 4).

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message