Re: How to deny traceroute?

From: forlab (forccielab@xxxxxxxxx)
Date: Sun May 06 2001 - 02:30:45 GMT-3


   
It's easy. The 33434: when I use 'debug ip packet detail', they
are always from this UDP port.

The 33689: because they use TTL exceeded, so they can't be bigger than
33434 + 255.

Good luck

2001/05/06 12:25:51, Darren Ward <dward@pla.net.au> wrote:

>Hi,
>
>Where did you get the reference for those ports?
>
>Darren
>
>forlab wrote:
>
>> access-l 100 deny udp any any range 33434 33689
>> inter s 0
>> ip access-group 100 out
>>
>> Good Luck
>>
>> 2001/05/06 11:25:31, Mas Kato <tealp729@home.com> wrote:
>>
>> >Clarification: Intermediate hops return ICMP 'TTL-exceeded' messages and
>> >the target returns an ICMP 'port-unreachable' message.
>> >
>> >From "Troubleshooting TCP/IP" on CCO:
>> >
>> >Traceroute
>> >Traceroute sends out either ICMP echo request (Windows) or UDP (most
>> >implementations) messages with gradually increasing IP TTL values to
>> >probe the path by which a packet traverses the network. The first packet
>> >with the TTL set to 1 will be discarded by the first hop. The first hop
>> >will send back an ICMP TTL "exceeded message" sourced from its IP
>> >address facing the source of the packet. When the machine running the
>> >traceroute receives the ICMP TTL "exceeded message", it can determine
>> >the hop via the source IP address. This continues until the destination
>> >is reached. The destination will either return an ICMP echo reply
>> >(Windows) or an ICMP "port unreachable" indicating that the destination
>> >had been reached. The Cisco implementation of traceroute sends out 3
>> >packets at each TTL value, allowing traceroute to report routers which
>> >have multiple equal-cost paths to the destination.
>> >
>> >Sorry if I caused any confusion with my earlier message.
>> >
>> >Regards,
>> >
>> >Mas Kato
>> >
>> >-----Original Message-----
>> >From: Mas Kato [mailto:tealp729@home.com]
>> >Sent: Thursday, May 03, 2001 11:01 PM
>> >To: 'Dreams Ruan'; 'ccielab@groupstudy.com'
>> >Subject: RE: How to deny traceroute?
>> >
>> >
>> >Cisco traceroute targets UDP ports starting at 33434 in the outbound
>> >direction. The returns are ICMP 'port-unreachable' messages.
>> >
>> >I'm a little weak on other implementations of traceroute, but
>> >interestingly enough, there is a 'traceroute' ICMP message-type.
>> >Apparently, other implementations of traceroute may use this, along with
>> >ICMP 'time-exceeded' and/or ICMP 'ttl-exceeded.'
>> >
>> >There's more in the archives...
>> >
>> >Regards,
>> >
>> >Mas Kato
>> >
>> >-----Original Message-----
>> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Dreams Ruan
>> >Sent: Thursday, May 03, 2001 10:37 PM
>> >To: ccielab@groupstudy.com
>> >Subject: How to deny traceroute?
>> >
>> >
>> >Hi, guys:
>> >
>> > How to set the access-list to deny traceroute packets? Thanks!
>> >
>> >
>> >
>> >
>> > Dreams Ruan
>> > dreams_r@163.com
>> >**Please read:http://www.groupstudy.com/list/posting.html
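
An added example, not part of any message in this thread: a small Python model of first-match ACL evaluation, applied to the single deny line posted above and run against constructed packets. The `Rule` and `Packet` types, the one-port-per-probe increment and the 30-hop limit are assumptions made for illustration.

```python
# Added example: first-match evaluation of the thread's ACL against constructed packets.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                                # "permit" or "deny"
    proto: str                                 # "udp", "icmp" or "ip" (any protocol)
    dports: Optional[Tuple[int, int]] = None   # inclusive UDP destination port range

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: Optional[int] = None
    ttl: int = 64

def evaluate(acl, pkt):
    """Return the action of the first matching rule; no match means implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", pkt.proto):
            continue
        if rule.dports is not None:
            if pkt.dport is None or not rule.dports[0] <= pkt.dport <= rule.dports[1]:
                continue
        return rule.action
    return "deny"

def udp_probes(max_ttl, per_hop=3, base=33434):
    """Constructed UDP probes: per_hop packets per TTL, port +1 per probe (assumed)."""
    return [Packet("udp", base + (ttl - 1) * per_hop + i, ttl)
            for ttl in range(1, max_ttl + 1) for i in range(per_hop)]

# The deny line as posted in the thread, and the same line followed by a permit.
POSTED = [Rule("deny", "udp", (33434, 33689))]
WITH_PERMIT = POSTED + [Rule("permit", "ip")]

def summary(acl):
    probes = udp_probes(max_ttl=30)
    return {
        "udp_probes_denied": sum(evaluate(acl, p) == "deny" for p in probes),
        "udp_probes_total": len(probes),
        "icmp_echo_probe": evaluate(acl, Packet("icmp", ttl=1)),  # Windows-style probe
        "dns_query": evaluate(acl, Packet("udp", 53)),            # unrelated traffic
    }

if __name__ == "__main__":
    print(summary(POSTED))
    print(summary(WITH_PERMIT))
```

With only the deny line, every packet is dropped by the implicit deny; with a trailing permit, the UDP probes are still dropped but ICMP echo probes with a low TTL pass through.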



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:34 GMT-3