From: Scott Morris (smorris@xxxxxxxxxxxxxx)
Date: Fri Jun 15 2001 - 17:41:48 GMT-3
It depends. :)
On Unix/Cisco, you send out UDP packets to a high port (each probe packet is
the same). The port number can be any high port, but usually is something
above 50000 (REALLY high). The messages coming back in will be ICMP - TTL
Exceeded (along the way) or ICMP - Port Unreachable (at the final
destination).
On Windows, you send out regular ICMP echoes incrementing the TTL each time,
so you'll get the ICMP - TTL Exceeded messages back or an ICMP - Echo Reply
at the final destination.
Enjoy!
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Earl Aboytes
Sent: Friday, June 15, 2001 4:31 PM
To: 'Dean, Justin'; 'ccielab@groupstudy.com'
Subject: RE: Access-list - Deny TFTP
Justin,
I think that you are thinking of the trickiness that is involved with
blocking traceroute. Traceroute uses UDP on a very high port first and then
ICMP for the rest. Allowing it in one direction but not the other is very
tricky.
Someone correct me if I am wrong but I believe it uses UDP 3000 or higher
with a TTL that increases by one each time and then waits for the ICMP error
to come back.
Packet 1 udp port 3001 ttl=1
Packet 2 udp port 3002 ttl=2
And so forth.
-----Original Message-----
From: Dean, Justin [mailto:Justin.Dean@nrtinc.com]
Sent: Tuesday, June 12, 2001 9:34 AM
To: 'ccielab@groupstudy.com'
Subject: Access-list - Deny TFTP
I am drawing a blank and I can't remember the proper way to block TFTP in an
access list. Can someone help me out? Thanks,
Justin
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3
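
The return traffic described in this thread, modelled as a first-match filter with an implicit deny. This is an added example, not part of the original posts. The ICMP type/code numbers are the standard values for the messages named above; port 50001 and the rule set are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Standard ICMP (type, code) pairs for the messages named in the thread.
TTL_EXCEEDED = (11, 0)      # sent by each hop along the way
PORT_UNREACHABLE = (3, 3)   # final destination, UDP-style traceroute
ECHO_REQUEST = (8, 0)       # probe used by Windows-style traceroute
ECHO_REPLY = (0, 0)         # final destination, ICMP-style traceroute

@dataclass(frozen=True)
class Packet:
    proto: str                      # "udp" or "icmp"
    dport: Optional[int] = None     # UDP only
    icmp: Optional[tuple] = None    # (type, code), ICMP only

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str
    icmp: Optional[tuple] = None    # None matches any packet of that protocol

def evaluate(acl, pkt):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.proto == pkt.proto and rule.icmp in (None, pkt.icmp):
            return rule.action
    return "deny"

# Hypothetical inbound list on the outside interface: admit the replies to
# traceroutes started inside, drop probes that originate outside.
INBOUND = [
    Rule("permit", "icmp", TTL_EXCEEDED),
    Rule("permit", "icmp", PORT_UNREACHABLE),
    Rule("permit", "icmp", ECHO_REPLY),
]

def inbound_verdicts():
    """Run constructed sample packets through the inbound list."""
    samples = {
        "ttl_exceeded_reply": Packet("icmp", icmp=TTL_EXCEEDED),
        "port_unreachable_reply": Packet("icmp", icmp=PORT_UNREACHABLE),
        "echo_reply": Packet("icmp", icmp=ECHO_REPLY),
        "outside_udp_probe": Packet("udp", dport=50001),
        "outside_echo_probe": Packet("icmp", icmp=ECHO_REQUEST),
    }
    return {name: evaluate(INBOUND, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in inbound_verdicts().items():
        print(f"{name:24} {verdict}")
```
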