Date: Thu, 28 Jun 2001 14:30:21 +0700 From: Igor Podlesny <poige@morning.ru> To: "Crist J. Clark" <cjclark@alum.mit.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re[2]: disable traceroute to my host Message-ID: <198504028264.20010628143021@morning.ru> In-Reply-To: <20010627221543.A346@blossom.cjclark.org> References: <006a01c0fb6b$2d64d830$9865fea9@book> <3B36267B.5B5FDBE@inforta.com> <20010625093731.A934@ringworld.oblivion.bg> <01ec01c0fdb1$6c9cada0$9865fea9@book> <20010626085804.E780@ringworld.oblivion.bg> <002701c0fe76$7530eab0$01000001@book> <003401c0fe93$a3f405e0$3200a8c0@Home> <001101c0ff3d$ca013aa0$01000001@book> <20010627221543.A346@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, Jun 27, 2001 at 03:17:21PM -0400, alexus wrote: >> sounds good.. although what is tcp there for? > You can traceroute with any protocol. TCP is just as easy as UDP. > As people keep saying over and over, there really is no way to stop > traceroutes without severely breaking things. I disagree. cause don't see any real hurt of disallowing icmp-echo-reply (0), icmp-unreach.icmp-unreach-port (3.3) and icmp-timxceed (11). the first is already in relatively common practice the second is similar to blackhole BSD's feature (yeah... it doesn't fit RFC, but the cruel world ;) the third is just an informative message (like the second isn't RFC-compilant but partially) In sum we can just complain bout non RFC-behavior.... but at the other side we're to understand that playing according to the rules is too expensive while others don't bother with. Already mentioned stealth routing (ok, forwarding, if the difference kick in eye ;) isn't RFC-compilant and what? "...Who ever promised anybody equal share?..." > If you really want to stop traceroutes, pull the plug. extreme? ;) > Can this thread > die now? 18 * * * 19 * * * 20 * * * 21 * * * ^C p.s. ;))) -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?198504028264.20010628143021>