Date:      Sun, 17 Sep 2000 12:53:58 -0400 (EDT)
From:      Chris C <ctcanova@earthlink.net>
To:        Emmanuel Gravel <egravel@earthlink.net>, freebsd-net@FreeBSD.ORG
Subject:   RE: Strange TTL Exceeded messages
Message-ID:  <382805774.969209639079.JavaMail.root@web624-wrb.mail.com>

------Original Message------
From: Emmanuel Gravel <egravel@earthlink.net>
To: freebsd-net@FreeBSD.ORG
Sent: September 10, 2000 5:07:13 PM GMT
Subject: Strange TTL Exceeded messages

<snip>

According to "Hackers Exposed: Network Security Secrets and Solutions" by Stuart McClure, Joel Scambray and George Kurtz, page 326:

"Firewalk (http://www.packetfactory.net/firewalk/) is a nifty tool that, like a port scanner, will discover ports open behind a firewall..."  
"Firewalk works by constructing packets with an IP TTL calculated to expire one hop past the firewall.  The theory is that if the packet is allowed by the firewall, it will be allowed to pass and will expire as expected, eliciting an 'ICMP TTL expired in transit' message.  On the other hand, if the packet is blocked by the firewall's ACL, it will be dropped, and either no response will be sent, or an ICMP type 13 admin prohibited filter packet will be sent."


Prevention: block ICMP TTL Expired packets at external interface level

You're under attack. This book I quoted is a really good way to glean a lot of information and preventative methods for system admins, and I guarantee that hackers are reading it; why shouldn't you?

cc
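
Added example, not part of the original e-mail: a defender-side check for the pattern the quoted passage describes. It parses outbound ICMP time-exceeded messages, which quote the expired packet's IP header and first 8 payload bytes (RFC 792), and reports external senders whose packets expired on many distinct ports. The function names, the `min_ports` threshold and the sample packets (documentation-range addresses) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_time_exceeded(icmp: bytes):
    """Return (prober_ip, target_ip, proto, dport) from an ICMP type 11 code 0
    message, or None. The message quotes the expired packet's IP header plus
    its first 8 payload bytes, which hold the TCP/UDP ports."""
    if len(icmp) < 8 + 20 + 4 or icmp[0] != 11 or icmp[1] != 0:
        return None
    inner = icmp[8:]                      # quoted original datagram
    ihl = (inner[0] & 0x0F) * 4           # quoted IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    proto = inner[9]
    if proto not in (6, 17):              # only TCP and UDP carry ports
        return None
    src = ".".join(map(str, inner[12:16]))
    dst = ".".join(map(str, inner[16:20]))
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return src, dst, proto, dport

def suspected_probers(messages, min_ports=5):
    """Group expired packets by original sender; keep senders whose packets
    expired on at least min_ports distinct (target, proto, port) tuples.
    min_ports is an assumed threshold, tune it for your traffic."""
    seen = defaultdict(set)
    for m in messages:
        rec = parse_time_exceeded(m)
        if rec:
            seen[rec[0]].add(rec[1:])
    return {ip: sorted(t) for ip, t in seen.items() if len(t) >= min_ports}

def _sample(src, dst, proto, dport, ttl=1):
    """Build a constructed ICMP time-exceeded message (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    l4 = struct.pack("!HHI", 40000, dport, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + l4

# Constructed sample: one source's packets expire across six ports on an
# inside host; a second source has a single expired UDP packet.
SAMPLE = [_sample("198.51.100.7", "192.0.2.10", 6, p) for p in (21, 22, 23, 25, 80, 443)]
SAMPLE.append(_sample("203.0.113.9", "192.0.2.10", 17, 33434))

if __name__ == "__main__":
    for ip, targets in suspected_probers(SAMPLE).items():
        print(ip, "had packets expire on", len(targets), "distinct ports")
```
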

 


