From: Earl Aboytes (Earl@xxxxxxxxxxxxxx)
Date: Fri Jun 15 2001 - 17:31:22 GMT-3
Justin,

I think that you are thinking of the trickiness that is involved with
blocking traceroute. Traceroute uses UDP on a very high port first and then
ICMP for the rest. Allowing it in one direction but not the other is very
tricky.

Someone correct me if I am wrong, but I believe it uses UDP 3000 or higher
with a TTL that increases by one each time and then waits for the ICMP error
to come back.

Packet 1 udp port 3001 ttl=1
Packet 2 udp port 3002 ttl=2
And so forth.

-----Original Message-----
From: Dean, Justin [mailto:Justin.Dean@nrtinc.com]
Sent: Tuesday, June 12, 2001 9:34 AM
To: 'ccielab@groupstudy.com'
Subject: Access-list - Deny TFTP
I am drawing a blank and I can't remember the proper way to block TFTP in an
access list. Can someone help me out? Thanks,
Justin
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3