Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 May 1999 11:33:06 -0700
From:      "Jan B. Koum " <jkb@best.com>
To:        sthaug@nethelp.no, nate@mt.sri.com
Cc:        security@FreeBSD.ORG
Subject:   Re: Denial of service attack from "imagelock.com"
Message-ID:  <19990524113306.A29468@best.com>
In-Reply-To: <33876.927565339@verdi.nethelp.no>; from sthaug@nethelp.no on Mon, May 24, 1999 at 07:02:19PM %2B0200
References:  <199905241644.KAA12091@mt.sri.com> <33876.927565339@verdi.nethelp.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, May 24, 1999 at 07:02:19PM +0200, sthaug@nethelp.no wrote:
> > -current is not used by very many folks (it certainly should not be used
> > by anyone in production environments) and non-UDP traceroute is only
> > used by a few OS's.
> 
> Checking some more I see that it has actually been MFCed, so the non-UDP
> version is also in 3.2-STABLE (but not in 3.2-RELEASE).
> 
> Anybody know of other OSes that have the non-UDP version? (Excluding
> Windows, of course, which has been based on ICMP all the time, AFAIK).
> 
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


	Actually 3.2-STABLE uses UDP version by default. Look:

foo% traceroute nau
traceroute to nautilus.yahoo.com (206.132.89.24), 30 hops max, 40 byte packets
 1  nautilus (206.132.89.24)  0.332 ms  0.283 ms  0.234 ms

nautilus% !! and not port 22
tcpdump host foo and not port 22
tcpdump: listening on fxp0
11:30:03.082728 foo.yahoo.com.34556 > nautilus.yahoo.com.33435: udp 12 [ttl 1]
11:30:03.082817 nautilus.yahoo.com > foo.yahoo.com: icmp: nautilus.yahoo.com udp port 33435 unreachable
11:30:03.085415 foo.yahoo.com.34556 > nautilus.yahoo.com.33436: udp 12 [ttl 1]
11:30:03.085488 nautilus.yahoo.com > foo.yahoo.com: icmp: nautilus.yahoo.com udp port 33436 unreachable
11:30:03.085824 foo.yahoo.com.34556 > nautilus.yahoo.com.33437: udp 12 [ttl 1]
11:30:03.085877 nautilus.yahoo.com > foo.yahoo.com: icmp: nautilus.yahoo.com udp port 33437 unreachable


	BTW, would be nice to put traceroute 1.4 into /usr/src/contrib .. it
ihas support for icmp only traceroute (-I) which is IMHO cool. ;)

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990524113306.A29468>