Re: how to block traeroute ouput but permit ping ...

From: Sameer Khosla (skhosla@xxxxxxxxx)
Date: Sun Feb 25 2001 - 20:48:18 GMT-3

• Next message: Chad Larsen: "Lab Swap - April 19/20 RTP"
• Previous message: Scott Morris: "RE: IPX Troubleshooting"
• Maybe in reply to: JZ: "how to block traeroute ouput but permit ping ..."
• Next in thread: Fred Ingham: "Re: how to block traeroute ouput but permit ping ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
If I'm not mistaken, I believe traceroute utilizes UDP ports 33400 - 33499. If
 you block them, you should be able to
block the trace.

Sameer

JZ wrote:

> Hi, here is an issue I have been working on but no lucky..
>
> rL:s0 ----------------s1:rM:s0 --------------- s0:rR
> "tr < rR:s0 IP>" ACL# 100 /out
> apply on rM:s0
>
> Q: apply access-group 100 OUT on rM:s0 to block the output
> of traceroute from rL toward rR:s0, but allow rL ping
> rR
>
> My cfg. on rM:
> int s0
> ip access-group 100 out
> !
> acl 100 deny icmp any Any eq traceroute
> acl 100 permit ip any Any
> !
> While verify, from rL: using " tr <rR:s0's IP> "
> I can still see the output from both routers: rM and rR.
> not just rM.
>
> Was anything wrong in my cfg. ?
>
> Thanks in advance.
>
> JZ
> Sunday
>

• Next message: Chad Larsen: "Lab Swap - April 19/20 RTP"
• Previous message: Scott Morris: "RE: IPX Troubleshooting"
• Maybe in reply to: JZ: "how to block traeroute ouput but permit ping ..."
• Next in thread: Fred Ingham: "Re: how to block traeroute ouput but permit ping ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:00 GMT-3