From owner-freebsd-security Wed Jun 27 11:34:55 2001
Message-ID: <003701c0ff37$e229faa0$01000001@book>
From: "alexus"
To: "3APA3A" <3APA3A@SECURITY.NNOV.RU>, "Peter Jeremy"
Subject: Re: Re[2]: disable traceroute to my host
Date: Wed, 27 Jun 2001 14:35:04 -0400

From someone's earlier post..
I suggest checking this out: http://www.isi.edu/in-notes/iana/assignments/icmp-parameters

----- Original Message -----
From: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
To: "Peter Jeremy"
Cc: "alexus" ;
Sent: Wednesday, June 27, 2001 3:43 AM
Subject: Re[2]: disable traceroute to my host

> Hello Peter,
>
> --Wednesday, June 27, 2001, 1:15:04 AM, you wrote to 3APA3A@SECURITY.NNOV.RU:
>
> PJ> On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:
> >>deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out
> >>
> >>0 - to stop Windows traceroute and ping
> >>3 - to stop BSD-style traceroute
> >>11 - to prevent an intermediate router from replying to traceroute
>
> PJ> Blocking ICMP type 3 will break Path-MTU discovery (which relies on
> PJ> type 3 code 4).
>
> It's possible to combine - deny incoming UDP and outgoing ICMP types
> 0, 11.
>
> In any case - there are a thousand ways to discover a route. Use NAT to
> hide the internal network.
>
> PJ> Peter
>
> PJ> To Unsubscribe: send mail to majordomo@FreeBSD.org
> PJ> with "unsubscribe freebsd-security" in the body of the message
>
> --
> ~/3APA3A
> We will always be glad to listen to your chirping (Twain)
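
The filtering trade-off discussed in this thread, as an added example that is not part of any message: a small Python model of the two rule sets (outgoing ICMP types 0,3,11 versus incoming UDP plus outgoing ICMP types 0,11) run over constructed traffic. The `Packet` and `Deny` classes, the scenario names and the simplification to type-only deny rules are assumptions of this sketch, not ipfw syntax.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp", "udp" or "tcp"
    direction: str                    # "in" or "out", relative to the protected network
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

@dataclass(frozen=True)
class Deny:
    proto: str
    direction: str
    icmptypes: frozenset = frozenset()  # empty = any; matches on type only, never on code

    def matches(self, p: Packet) -> bool:
        if (p.proto, p.direction) != (self.proto, self.direction):
            return False
        return not self.icmptypes or p.icmp_type in self.icmptypes

# The two policies from the thread (modelled here, not real ipfw syntax).
ORIGINAL = [Deny("icmp", "out", frozenset({0, 3, 11}))]
COMBINED = [Deny("udp", "in"), Deny("icmp", "out", frozenset({0, 11}))]

# Constructed traffic: (inbound packet that triggers it, outbound ICMP reply).
SCENARIOS = {
    "echo reply to ICMP traceroute/ping": (Packet("icmp", "in", 8, 0), Packet("icmp", "out", 0, 0)),
    "port unreachable to UDP traceroute": (Packet("udp", "in"), Packet("icmp", "out", 3, 3)),
    "time exceeded from inner router": (Packet("icmp", "in", 8, 0), Packet("icmp", "out", 11, 0)),
    "frag needed for Path-MTU discovery": (Packet("tcp", "in"), Packet("icmp", "out", 3, 4)),
}

def passes(policy, p: Packet) -> bool:
    return not any(rule.matches(p) for rule in policy)

def reply_escapes(policy, trigger: Packet, reply: Packet) -> bool:
    # A reply only exists if the trigger got in, and only leaves if it also gets out.
    return passes(policy, trigger) and passes(policy, reply)

def evaluate(policy) -> dict:
    return {name: reply_escapes(policy, *pair) for name, pair in SCENARIOS.items()}

if __name__ == "__main__":
    for label, policy in (("0,3,11 out", ORIGINAL), ("udp in + 0,11 out", COMBINED)):
        for name, leaks in evaluate(policy).items():
            print(f"{label:18} {name:36} {'reply sent' if leaks else 'dropped'}")
```

The model takes "deny incoming UDP" literally, so in a real ruleset that rule would also drop every other inbound UDP flow.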