Date: Wed, 27 Jun 2001 10:22:35 -0500 From: steve.d.meacham@mail.sprint.com To: peter.jeremy@alcatel.com.au, peter@sysadmin-inc.com Cc: freebsd-security@FreeBSD.ORG Subject: RE: disable traceroute to my host Message-ID: <H0002be912064da2.0993655354.kcopmp01@MHS>
next in thread | raw e-mail | index | archive | help
--openmail-part-484610c8-00000001 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline ;Creation-Date="Wed, 27 Jun 2001 10:22:35 -0500" Content-Transfer-Encoding: 7bit Check out the book "Building Internet Firewalls" by Zwicky, Cooper & Chapman from O'Reilly. It describes ICMP types and how to filter and deal with them. It also covers most of the other protocols you're likely to encounter as a firewall administrator. Oh... ISBN 1-56592-871-7 Steven -----Original Message----- From: peter [mailto:peter@sysadmin-inc.com] Sent: Wednesday, June 27, 2001 10:14 AM To: peter.jeremy Cc: peter; freebsd-security Subject: RE: disable traceroute to my host Peter, What is a good document to get more info on ICMP types? Thanks. Peter Brezny SysAdmin Services Inc. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Jeremy Sent: Tuesday, June 26, 2001 5:15 PM To: 3APA3A Cc: alexus; freebsd-security@FreeBSD.ORG Subject: Re: disable traceroute to my host On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote: >deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out > >0 - to stop windows traceroute and ping >3 - to stop BSD-style traceroute >11 - to prevent intermediate router to reply traceroute Blocking ICMP type 3 will break Path-MTU discovery (which relies on type 3 code 4). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message --openmail-part-484610c8-00000001-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?H0002be912064da2.0993655354.kcopmp01>