Re: How to deny traceroute?

From: Rob Hopkins (rshopkins@xxxxxxxxxxxxx)
Date: Sun May 06 2001 - 01:09:32 GMT-3

   
notice how the destination port increases across all three packets?

(capture from a router being tracerouted thru)

r4#debug ip pack 101 det
IP: s=10.9.9.5 (Serial0), d=4.4.4.4, len 32, rcvd 0
    UDP src=42098, dst=33434
IP: s=10.9.9.5 (Serial0), d=4.4.4.4, len 32, rcvd 0
    UDP src=39791, dst=33435
IP: s=10.9.9.5 (Serial0), d=4.4.4.4, len 32, rcvd 0
    UDP src=41168, dst=33436
r4#

Thanks,
Rob Hopkins

----- Original Message -----
From: "Mas Kato" <tealp729@home.com>
To: "'Mas Kato'" <tealp729@home.com>; "'Dreams Ruan'" <dreams_r@163.com>;
<ccielab@groupstudy.com>
Sent: Saturday, May 05, 2001 11:25 PM
Subject: RE: How to deny traceroute?

> Clarification: Intermediate hops return ICMP 'TTL-exceeded' messages and
> the target returns an ICMP 'port-unreachable' message.
>
> From "Troubleshooting TCP/IP" on CCO:
>
> Traceroute
> Traceroute sends out either ICMP echo request (Windows) or UDP (most
> implementations) messages with gradually increasing IP TTL values to
> probe the path by which a packet traverses the network. The first packet
> with the TTL set to 1 will be discarded by the first hop. The first hop
> will send back an ICMP TTL "exceeded message" sourced from its IP
> address facing the source of the packet. When the machine running the
> traceroute receives the ICMP TTL "exceeded message", it can determine
> the hop via the source IP address. This continues until the destination
> is reached. The destination will either return an ICMP echo reply
> (Windows) or a ICMP "port unreachable" indicating that the destination
> had been reached. The Cisco implementation of traceroute sends out 3
> packets at each TTL value, allowing traceroute to report routers which
> have multiple equal-cost paths to the destination.
>
> Sorry if I caused any confusion with my earlier message.
>
> Regards,
>
> Mas Kato
>
> -----Original Message-----
> From: Mas Kato [mailto:tealp729@home.com]
> Sent: Thursday, May 03, 2001 11:01 PM
> To: 'Dreams Ruan'; 'ccielab@groupstudy.com'
> Subject: RE: How to deny traceroute?
>
>
> Cisco traceroute targets UDP ports starting at 33434 in the outbound
> direction. The returns are ICMP 'port-unreachable' messages.
>
> I'm a little weak on other implementations of traceroute, but
> interestingly enough, there is a 'traceroute' ICMP message-type.
> Apparently, other implementations of traceroute may use this, along with
> ICMP 'time-exceeded' and/or ICMP 'ttl-exceeded.'
>
> There's more in the archives...
>
> Regards,
>
> Mas Kato
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Dreams Ruan
> Sent: Thursday, May 03, 2001 10:37 PM
> To: ccielab@groupstudy.com
> Subject: How to deny traceroute?
>
>
> Hi,guys:
>
> How to set the access-list to deny traceroute packet ? Thanks!
>
>
>
> VB
> @q#!
>
> Dreams Ruan
> dreams_r@163.com
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:34 GMT-3