RE: traceroute filter

From: Muralidhar Devarasetty (dhar_murali@xxxxxxxxxxx)
Date: Thu Feb 10 2000 - 12:12:33 GMT-3


   
Try to apply a filter using deny UDP above <port no>.
You can find this port no. by just trying to do an extended trace; the system then shows
what the first port it is going to use is.
Of course there is a traceroute option available on ICMP, but this
statement alone never worked for me. So normally I apply both these statements;
try it and see if it works for you.
Murali

----Original Message Follows----
From: Earl Aboytes <earl@linkline.com>
Reply-To: Earl Aboytes <earl@linkline.com>
To: "dameon@aracnet.com" <dameon@aracnet.com>
CC: ccielab@groupstudy.com
Subject: RE: traceroute filter
Date: Wed, 09 Feb 2000 08:33:50 -0800

I think traceroute uses different ports on different protocols. Doesn't it
use TCP and UDP?
Earl

At 07:29 AM 2/9/00 -0800, you wrote:
>Hi,
>
>I would suggest figuring out exactly what source and destination ports are
>used. If they are different, you might be able to filter on them, like FTP
>and DNS.
>
>Lemme think about this some more...
>
>-Derek
>
>-----Original Message-----
>From: Earl Aboytes [SMTP:earl@linkline.com]
>Sent: Monday, February 07, 2000 8:25 PM
>To: ccielab@groupstudy.com
>Subject: traceroute filter
>
>All,
>I am trying to create a list that filters traceroute in one direction. In
>other words, I want to be able to traceroute out of my network but I don't
>want anyone in the internet to be able to trace past my firewall (a Cisco
>7507). What sort of access-list should I put at the firewall?
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Earl Aboytes
>Senior Technical Consultant
>GTE-Managed Solutions
>800-483-5325 x8817
>earl.aboytes@telops.gte.com
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
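
The one-direction filter discussed in this thread, as an added example that is not part of the original messages: an inbound access list of the kind the replies describe, checked line by line against constructed packets. The ACL number 101, the UDP range 33434-33534 (33434 is the usual default first probe port) and the Python helper names are assumptions made for the illustration.

```python
# Added example: first-match check of a constructed inbound ACL (outside interface).
# ACL number 101 and the range 33434-33534 are assumptions; confirm the first
# probe port with an extended trace, as the thread suggests.
ACL_IN = """
access-list 101 deny udp any any range 33434 33534
access-list 101 deny icmp any any echo
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any port-unreachable
access-list 101 permit ip any any
"""

def parse(acl_text):
    """Turn each ACL line into (action, proto, qualifier)."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[6:]  # tok[4:6] is 'any any'
        qual = (("ports", int(rest[1]), int(rest[2])) if rest[:1] == ["range"]
                else ("icmp", rest[0]) if rest else None)
        rules.append((action, proto, qual))
    return rules

def evaluate(rules, pkt):
    """Return 'permit' or 'deny' for a packet dict; the first matching line wins."""
    for action, proto, qual in rules:
        if proto not in ("ip", pkt["proto"]):
            continue
        if qual is None:
            return action
        if qual[0] == "ports" and qual[1] <= pkt.get("dport", -1) <= qual[2]:
            return action
        if qual[0] == "icmp" and pkt.get("icmp") == qual[1]:
            return action
    return "deny"  # implicit deny that ends every IOS access list

RULES = parse(ACL_IN)
SAMPLES = {  # constructed packets arriving from the Internet side
    "UDP traceroute probe from outside": {"proto": "udp", "dport": 33440},
    "ICMP echo probe from outside": {"proto": "icmp", "icmp": "echo"},
    "time-exceeded answering our trace": {"proto": "icmp", "icmp": "time-exceeded"},
    "port-unreachable answering our trace": {"proto": "icmp", "icmp": "port-unreachable"},
    "unrelated UDP to port 53": {"proto": "udp", "dport": 53},
    "unrelated UDP to port 33500": {"proto": "udp", "dport": 33500},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:38} {evaluate(RULES, pkt)}")
```

The last sample shows the cost of a stateless port-range deny: any UDP datagram whose destination port falls inside the range is dropped, whether or not it is a traceroute probe.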



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:53 GMT-3