Re: How to deny traceroute?

From: forlab (forccielab@xxxxxxxxx)
Date: Sun May 06 2001 - 03:19:34 GMT-3

   
Thank you .

I check it again , now, i agree with you .

Good Luck

2001/05/06 14:16:40, "Rob Hopkins" <rshopkins@earthlink.net> wrote:

>but if it sends three packets per hop, shouldnt the max value be
34199
>
>ie 3*255 = 765,
>
>min = 33434
>max = min+765 = 34199
>
>Thanks,
>
>Rob Hopkins
>
>
>
>
>
>
>
>1.6180339887499
>----- Original Message -----
>From: "forlab" <forccielab@yahoo.com>
>To: "Darren Ward" <dward@pla.net.au>
>Cc: "Mas Kato" <tealp729@home.com>; "'Dreams Ruan'" <dreams_r@
163.com>;
><ccielab@groupstudy.com>
>Sent: Sunday, May 06, 2001 1:30 AM
>Subject: Re: How to deny traceroute?
>
>
>> It's ease, the 33434 : when i use 'debug ip packet detail' , they
>> are alwayse frome this udp port.
>>
>> the 33689: because they use TTL exceeded, so, they can't bigger
than
>> 33434 + 255
>>
>> good luck
>>
>>
>> 2001/05/06 12:25:51, Darren Ward <dward@pla.net.au> wrote:
>>
>> >Hi,
>> >
>> >Where did you get the reference for those ports?
>> >
>> >Darren
>> >
>> >forlab wrote:
>> >
>> >> access-l 100 deny udp any any range 33434 33689
>> >> inter s 0
>> >> ip access-group 100 out
>> >>
>> >> Good Luck
>> >>
>> >> 2001/05/06 11:25:31, Mas Kato <tealp729@home.com> wrote:
>> >>
>> >> >Clarification: Intermediate hops return ICMP 'TTL-exceeded'
>> messages
>> >> and
>> >> >the target returns an ICMP 'port-unreachable' message.
>> >> >
>> >> >From "Troubleshooting TCP/IP" on CCO:
>> >> >
>> >> >Traceroute
>> >> >Traceroute sends out either ICMP echo request (Windows) or UDP
>> (most
>> >> >implementations) messages with gradually increasing IP TTL
values
>> to
>> >> >probe the path by which a packet traverses the network. The
first
>> >> packet
>> >> >with the TTL set to 1 will be discarded by the first hop. The
>> first
>> >> hop
>> >> >will send back an ICMP TTL "exceeded message" sourced from its
IP
>> >> >address facing the source of the packet. When the machine
running
>> the
>> >> >traceroute receives the ICMP TTL "exceeded message", it can
>> determine
>> >> >the hop via the source IP address. This continues until the
>> >> destination
>> >> >is reached. The destination will either return an ICMP echo
reply
>> >> >(Windows) or a ICMP "port unreachable" indicating that the
>> >> destination
>> >> >had been reached. The Cisco implementation of traceroute sends
out
>> 3
>> >> >packets at each TTL value, allowing traceroute to report
routers
>> >> which
>> >> >have multiple equal-cost paths to the destination.
>> >> >
>> >> >Sorry if I caused any confusion with my earlier message.
>> >> >
>> >> >Regards,
>> >> >
>> >> >Mas Kato
>> >> >
>> >> >-----Original Message-----
>> >> >From: Mas Kato [mailto:tealp729@home.com]
>> >> >Sent: Thursday, May 03, 2001 11:01 PM
>> >> >To: 'Dreams Ruan'; 'ccielab@groupstudy.com'
>> >> >Subject: RE: How to deny traceroute?
>> >> >
>> >> >
>> >> >Cisco traceroute targets UDP ports starting at 33434 in the
>> outbound
>> >> >direction. The returns are ICMP 'port-unreachable' messages.
>> >> >
>> >> >I'm a little weak on other implementations of traceroute, but
>> >> >interestingly enough, there is a 'traceroute' ICMP message-
type.
>> >> >Apparently, other implementations of traceroute may use this,
>> along
>> >> with
>> >> >ICMP 'time-exceeded' and/or ICMP 'ttl-exceeded.'
>> >> >
>> >> >There's more in the archives...
>> >> >
>> >> >Regards,
>> >> >
>> >> >Mas Kato
>> >> >
>> >> >-----Original Message-----
>> >> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
>> Behalf
>> >> Of
>> >> >Dreams Ruan
>> >> >Sent: Thursday, May 03, 2001 10:37 PM
>> >> >To: ccielab@groupstudy.com
>> >> >Subject: How to deny traceroute?
>> >> >
>> >> >
>> >> >Hi,guys:
>> >> >
>> >> > How to set the access-list to deny traceroute packet ?
Thanks!
>> >> >
>> >> >
>> >> >
>> >> > VB
>> >> >@q#!
>> >> >
>> >> > Dreams Ruan
>> >> > dreams_r@163.com
>> >> >**Please read:http://www.groupstudy.com/list/posting.html
>> >> >**Please read:http://www.groupstudy.com/list/posting.html

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:34 GMT-3