From owner-freebsd-security Fri Jun 22 18:24:47 2001 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id 5A7D037B407 for ; Fri, 22 Jun 2001 18:24:40 -0700 (PDT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.3/8.9.3) with ESMTP id f5N1NUM05844; Fri, 22 Jun 2001 22:23:30 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Fri, 22 Jun 2001 22:23:30 -0300 (ART) From: Fernando Gleiser To: alexus Cc: Subject: Re: disable traceroute to my host In-Reply-To: <006a01c0fb6b$2d64d830$9865fea9@book> Message-ID: <20010622221554.K5703-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 22 Jun 2001, alexus wrote: > is it possible to disable using ipfw so people won't be able to traceroute > me? I don't know if it is posible with ipfw, but with ip filter you can add a rule to block any packets with ttl=1: block in log quick on xl0 ttl 1 proto ip all That will stop windows traceroute (icmp based) as well as unix traceroute (udp based). Unix traceroute uses udp packets with destination port > 33434, but this can be changed. As far as I know, the only way to stop traceroute is to drop any packet with ttl=1. This might block legitimate trafic, but I haven't seen any packet in the wild with ttl=1 wich was not a traceroute. Hope this helps. Fer > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message