From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Sat Jun 16 2001 - 11:46:57 GMT-3
Scott,
According to Doyle's "Routing TCP/IP Volume II", page 354, "Cisco's trace
use ICMP packets and Microsoft Windows 95 uses UDP packets...".
So which one is correct?
Tom
>From: "Scott Morris" <smorris@mentortech.com>
>Reply-To: "Scott Morris" <smorris@mentortech.com>
>To: "'Earl Aboytes'" <Earl@dnssystems.com>, "'Dean, Justin'"
><Justin.Dean@nrtinc.com>, <ccielab@groupstudy.com>
>Subject: RE: Access-list - Deny TFTP
>Date: Fri, 15 Jun 2001 16:41:48 -0400
>
>It depends. :)
>
>On unix/Cisco, you send out udp packets to a high port (each probe packet is
>the same). The port number can be any high port, but usually is something
>above 50000 (REALLY high). The messages coming back in will be ICMP - TTL
>Exceeded (along the way) or ICMP - Port Unreachable (at the final
>destination).
>
>On Windows, you send out regular ICMP echos incrementing the TTL each time,
>so you'll get the ICMP - TTL Exceeded messages back or an ICMP - Echo Reply
>at the final destination.
>
>Enjoy!
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Earl Aboytes
>Sent: Friday, June 15, 2001 4:31 PM
>To: 'Dean, Justin'; 'ccielab@groupstudy.com'
>Subject: RE: Access-list - Deny TFTP
>
>
>Justin,
>I think that you are thinking of the trickiness that is involved with
>blocking traceroute. Traceroute uses udp on a very high port first and then
>icmp for the rest. Allowing it in one direction but not the other is very
>tricky.
>Someone correct me if I am wrong but I believe it uses UDP 3000 or higher
>with a ttl that increases by one each time and then waits for the icmp error
>to come back.
>
>Packet 1 udp port 3001 ttl=1
>Packet 2 udp port 3002 ttl=2
>And so forth.
>
>
>
> -----Original Message-----
>From: Dean, Justin [mailto:Justin.Dean@nrtinc.com]
>Sent: Tuesday, June 12, 2001 9:34 AM
>To: 'ccielab@groupstudy.com'
>Subject: Access-list - Deny TFTP
>
>I am drawing a blank and I can't remember the proper way to block TFTP in an
>access list. Can someone help me out. Thanks,
>
>Justin
>**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3
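
The packet types described in Scott's reply, as an added example that is not part of the original thread: a Python classifier that labels raw IPv4 packets by their role in a trace, which is the distinction a one-directional access list has to make. The sample packets are constructed, the helper names are hypothetical, and `HIGH_PORT` (33434) is an assumed threshold, not a value taken from the thread.

```python
import struct

HIGH_PORT = 33434  # assumption: classic Unix traceroute base port; tune per site
TFTP_PORT = 69     # the service the thread's subject line wants to deny

# ICMP (type, code) -> role in a trace; code None matches any code.
ICMP_ROLES = {
    (8, None): "ICMP echo (ping or Windows-style trace probe)",
    (11, 0): "reply: TTL exceeded (intermediate hop)",
    (3, 3): "reply: port unreachable (destination, UDP-style trace)",
    (0, None): "reply: echo reply (destination, ICMP-style trace)",
}

def classify(packet: bytes) -> str:
    """Name the role of one raw IPv4 packet in a traceroute exchange."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto, l4 = packet[9], packet[ihl:]
    if proto == 17 and len(l4) >= 8:      # UDP
        dport = struct.unpack("!H", l4[2:4])[0]
        if dport == TFTP_PORT:
            return "tftp request (udp/69)"
        if dport >= HIGH_PORT:
            return "UDP to high port (Unix/Cisco-style trace probe)"
        return "other UDP"
    if proto == 1 and len(l4) >= 2:       # ICMP
        key = (l4[0], l4[1])
        return ICMP_ROLES.get(key) or ICMP_ROLES.get((key[0], None), "other ICMP")
    return "other"

def ipv4(proto: int, ttl: int, l4: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, no checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, ttl, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + l4

def udp(dport: int) -> bytes:
    """Constructed 8-byte UDP header with an arbitrary source port."""
    return struct.pack("!HHHH", 40000, dport, 8, 0)

def icmp(itype: int, code: int) -> bytes:
    """Constructed 8-byte ICMP header with zeroed checksum and body."""
    return struct.pack("!BBHI", itype, code, 0, 0)

# Constructed sample traffic, not a capture.
SAMPLES = [ipv4(17, 1, udp(33435)), ipv4(1, 2, icmp(8, 0)), ipv4(1, 255, icmp(11, 0)),
           ipv4(1, 64, icmp(3, 3)), ipv4(1, 64, icmp(0, 0)), ipv4(17, 64, udp(69))]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

The probe labels rest on header fields only, so an echo request from an ordinary ping gets the same label as a trace probe; the TTL value is what separates them in practice.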