From: Zeng Puyang (zbridge98@xxxxxxxxx)
Date: Sun May 06 2001 - 03:00:32 GMT-3
Cisco traceroute uses 3 packets per TTL, so it should be 33434-34198.
Am I correct?
Zeng
----- Original Message -----
From: "forlab" <forccielab@yahoo.com>
To: "Darren Ward" <dward@pla.net.au>
Cc: "Mas Kato" <tealp729@home.com>; "'Dreams Ruan'" <dreams_r@163.com>; <ccielab@groupstudy.com>
Sent: Sunday, May 06, 2001 1:30 PM
Subject: Re: How to deny traceroute?
> It's easy. The 33434: when I use 'debug ip packet detail', they
> are always from this UDP port.
>
> The 33689: because they use TTL exceeded, they can't be bigger than
> 33434 + 255
>
> good luck
>
>
> 2001/05/06 12:25:51, Darren Ward <dward@pla.net.au> wrote:
>
> >Hi,
> >
> >Where did you get the reference for those ports?
> >
> >Darren
> >
> >forlab wrote:
> >
> >> access-l 100 deny udp any any range 33434 33689
> >> inter s 0
> >> ip access-group 100 out
> >>
> >> Good Luck
> >>
> >> 2001/05/06 11:25:31, Mas Kato <tealp729@home.com> wrote:
> >>
> >> >Clarification: Intermediate hops return ICMP 'TTL-exceeded' messages and
> >> >the target returns an ICMP 'port-unreachable' message.
> >> >
> >> >From "Troubleshooting TCP/IP" on CCO:
> >> >
> >> >Traceroute
> >> >Traceroute sends out either ICMP echo request (Windows) or UDP (most
> >> >implementations) messages with gradually increasing IP TTL values to
> >> >probe the path by which a packet traverses the network. The first packet
> >> >with the TTL set to 1 will be discarded by the first hop. The first hop
> >> >will send back an ICMP TTL "exceeded message" sourced from its IP
> >> >address facing the source of the packet. When the machine running the
> >> >traceroute receives the ICMP TTL "exceeded message", it can determine
> >> >the hop via the source IP address. This continues until the destination
> >> >is reached. The destination will either return an ICMP echo reply
> >> >(Windows) or an ICMP "port unreachable" indicating that the destination
> >> >had been reached. The Cisco implementation of traceroute sends out 3
> >> >packets at each TTL value, allowing traceroute to report routers which
> >> >have multiple equal-cost paths to the destination.
> >> >
> >> >Sorry if I caused any confusion with my earlier message.
> >> >
> >> >Regards,
> >> >
> >> >Mas Kato
> >> >
> >> >-----Original Message-----
> >> >From: Mas Kato [mailto:tealp729@home.com]
> >> >Sent: Thursday, May 03, 2001 11:01 PM
> >> >To: 'Dreams Ruan'; 'ccielab@groupstudy.com'
> >> >Subject: RE: How to deny traceroute?
> >> >
> >> >
> >> >Cisco traceroute targets UDP ports starting at 33434 in the outbound
> >> >direction. The returns are ICMP 'port-unreachable' messages.
> >> >
> >> >I'm a little weak on other implementations of traceroute, but
> >> >interestingly enough, there is a 'traceroute' ICMP message-type.
> >> >Apparently, other implementations of traceroute may use this, along with
> >> >ICMP 'time-exceeded' and/or ICMP 'ttl-exceeded.'
> >> >
> >> >There's more in the archives...
> >> >
> >> >Regards,
> >> >
> >> >Mas Kato
> >> >
> >> >-----Original Message-----
> >> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Dreams Ruan
> >> >Sent: Thursday, May 03, 2001 10:37 PM
> >> >To: ccielab@groupstudy.com
> >> >Subject: How to deny traceroute?
> >> >
> >> >
> >> >Hi, guys:
> >> >
> >> > How to set the access-list to deny traceroute packets? Thanks!
> >> >
> >> >
> >> >
> >> >
> >> > Dreams Ruan
> >> > dreams_r@163.com
> >> >**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:34 GMT-3
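
The following is an added example, not part of the thread and not Cisco code: it checks a posted `deny udp any any range` entry against the probe ports the posters describe and reports the first probe the entry would not match. Assumptions: the destination port starts at 33434 and increases by one for every probe sent, the maximum TTL is 255 as used in the thread, and all function names are hypothetical.

```python
import re

BASE_PORT = 33434  # first destination port, as stated in the thread


def parse_acl_range(line):
    """Return (low, high) from an IOS-style 'deny udp any any range LOW HIGH' entry."""
    m = re.search(r"deny\s+udp\s+any\s+any\s+range\s+(\d+)\s+(\d+)", line)
    if not m:
        raise ValueError("not a 'deny udp any any range' entry: %r" % line)
    low, high = int(m.group(1)), int(m.group(2))
    if low > high:
        raise ValueError("range bounds are reversed")
    return low, high


def probe_ports(max_ttl, probes_per_ttl, base=BASE_PORT):
    """Yield (ttl, probe, dst_port). Assumption: the port rises by one per probe."""
    port = base
    for ttl in range(1, max_ttl + 1):
        for probe in range(1, probes_per_ttl + 1):
            yield ttl, probe, port
            port += 1


def required_range(max_ttl=255, probes_per_ttl=3, base=BASE_PORT):
    """Port range a deny entry must span to match every probe."""
    return base, base + max_ttl * probes_per_ttl - 1


def first_unmatched(acl_line, max_ttl=255, probes_per_ttl=3):
    """Return the first (ttl, probe, port) the entry does not match, or None."""
    low, high = parse_acl_range(acl_line)
    for ttl, probe, port in probe_ports(max_ttl, probes_per_ttl):
        if not low <= port <= high:
            return ttl, probe, port
    return None


if __name__ == "__main__":
    # The entry posted in the thread, and a constructed one using Zeng's range.
    for entry in ("access-l 100 deny udp any any range 33434 33689",
                  "access-list 100 deny udp any any range 33434 34198"):
        print(entry, "->", first_unmatched(entry))
    print("needed for 3 probes per TTL:", required_range())
```
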