RE: How to deny traceroute?

From: Mas Kato (tealp729@xxxxxxxx)
Date: Sun May 06 2001 - 00:25:31 GMT-3

• Next message: forlab: "RE: How to deny traceroute?"
• Previous message: Fred Ingham: "Re: how to swap mac add between tokenring and ether"
• Maybe in reply to: Clifton Stewart: "How to deny traceroute?"
• Next in thread: forlab: "RE: How to deny traceroute?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Clarification: Intermediate hops return ICMP 'TTL-exceeded' messages and
the target returns an ICMP 'port-unreachable' message.

>From "Troubleshooting TCP/IP" on CCO:

Traceroute
Traceroute sends out either ICMP echo request (Windows) or UDP (most
implementations) messages with gradually increasing IP TTL values to
probe the path by which a packet traverses the network. The first packet
with the TTL set to 1 will be discarded by the first hop. The first hop
will send back an ICMP TTL "exceeded message" sourced from its IP
address facing the source of the packet. When the machine running the
traceroute receives the ICMP TTL "exceeded message", it can determine
the hop via the source IP address. This continues until the destination
is reached. The destination will either return an ICMP echo reply
(Windows) or a ICMP "port unreachable" indicating that the destination
had been reached. The Cisco implementation of traceroute sends out 3
packets at each TTL value, allowing traceroute to report routers which
have multiple equal-cost paths to the destination.

Sorry if I caused any confusion with my earlier message.

Regards,

Mas Kato

-----Original Message-----
From: Mas Kato [mailto:tealp729@home.com]
Sent: Thursday, May 03, 2001 11:01 PM
To: 'Dreams Ruan'; 'ccielab@groupstudy.com'
Subject: RE: How to deny traceroute?

Cisco traceroute targets UDP ports starting at 33434 in the outbound
direction. The returns are ICMP 'port-unreachable' messages.

I'm a little weak on other implementations of traceroute, but
interestingly enough, there is a 'traceroute' ICMP message-type.
Apparently, other implementations of traceroute may use this, along with
ICMP 'time-exceeded' and/or ICMP 'ttl-exceeded.'

There's more in the archives...

Regards,

Mas Kato

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Dreams Ruan
Sent: Thursday, May 03, 2001 10:37 PM
To: ccielab@groupstudy.com
Subject: How to deny traceroute?

Hi,guys:

    How to set the access-list to deny traceroute packet ? Thanks!

                    VB
@q#!

            Dreams Ruan
            dreams_r@163.com
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: forlab: "RE: How to deny traceroute?"
• Previous message: Fred Ingham: "Re: how to swap mac add between tokenring and ether"
• Maybe in reply to: Clifton Stewart: "How to deny traceroute?"
• Next in thread: forlab: "RE: How to deny traceroute?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:34 GMT-3