Date: Sun, 23 May 1999 19:00:21 -0400 From: "Bert Kellerman" <bertke@iglou.com> To: "Matthew Dillon" <dillon@apollo.backplane.com> Cc: <security@FreeBSD.ORG> Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <009401bea570$09546a80$5f64a8c0@crackhouse.com> References: <4.2.0.37.19990522105949.0465d4a0@localhost> <199905221714.KAA74179@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You need UDP connectivity to perform a successful traceroute from a UNIX client..not TCP. The port number it uses is invalid ( like 33,000 i *believe* ) but of course it doesn't matter as all it does is increment the ttl and record the router that sends it back an ICMP 'TTL expired in transit'. Now M$ on the other hand decided to use ICMP echo requests for traceroute on their OSes and of course alot of nets block ICMP. So either way, my point is that an HTTP connection doesn't necessarily mean you can traceroute to it. I see now you might have been saying that because of an IP address existing you can traceroute, but just wanted to clarify :) Thanks Bert > If they are actually making TCP connections, then their IP address is > likely to be valid. This means you should be able to traceroute the > IP address to see what the last hop network is. You can then complain > to that network - I'd call up their NOC. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009401bea570$09546a80$5f64a8c0>