From: Long Kwok (lkwok@ccieunix.com)
Date: Mon May 16 2005 - 21:11:22 GMT-3
Hi,

Looks like Cisco IOS does use UDP when you use the traceroute command from Cisco IOS. The example topology to reference is IE 2: R1 sends a traceroute to the LAN behind R5. The only combination I have been able to find to stop it is to put the filter as close as possible to the source of the traceroute. If the below ACL (only line 40) is placed on R5's inbound serial interface, when you trace from R1 it looks as if the trace gets through successfully. This is the trace with the filter on R2, the next hop for R1 to reach R5's remote networks. No form of blocking ICMP stops the IOS traceroute command; as I can see, only UDP does, as you see there are 12 matches?? Any other methods or thoughts regarding traceroute? Wonder if a Linux or Windows box also uses UDP as the transport for the traceroute function, as it appears that Cisco IOS only uses UDP??

TIA, Long
Extended IP access list DENY-TRACEROUTE
10 deny icmp any any time-exceeded
20 deny icmp any any port-unreachable
40 deny udp any 192.10.1.0 0.0.0.255 (12 matches)
50 deny udp 192.10.1.0 0.0.0.255 any
60 permit ip any any (65 matches)
Rack1R2#
Type escape sequence to abort.
Tracing the route to 192.10.1.254
1 132.1.0.2 !A * !A
Rack1R1#
Rack1R1#
Rack1R1#
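As an added example (not part of Long's post or any vendor code), the following Python model replays the exchange the message describes: IOS traceroute sends UDP probes with an increasing TTL and relies on the ICMP time-exceeded and port-unreachable replies, and "!A" in the output is the administratively-prohibited unreachable a router returns when an ACL denies the probe. The model parses the DENY-TRACEROUTE list quoted above with IOS wildcard-mask semantics, then runs a constructed path R1 -> R2 -> R5 -> 192.10.1.254 through it twice: once with the full list on R2 (reproducing the "!A" at hop 1), and once with only the ICMP lines 10 and 20, to show that dropping the replies blanks the display with "*" while the UDP probes still reach the LAN. Only 132.1.0.2, 192.10.1.254 and the 192.10.1.0/24 subnet come from the post; the R1 and R5 addresses and the single-probe-per-TTL simplification are constructed.

```python
"""UDP traceroute probes and ICMP replies evaluated against a Cisco-style extended ACL.

Added example, not code from the original post. Addresses other than 132.1.0.2,
192.10.1.254 and 192.10.1.0/24 are constructed for the simulation.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                       # "udp" or "icmp"
    src: str
    dst: str
    icmp_type: Optional[str] = None  # IOS keyword: time-exceeded, port-unreachable, ...


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "udp" or "icmp"
    src: str                         # "any" or "<addr> <wildcard>"
    dst: str
    icmp_type: Optional[str] = None


def _take_addr(tokens):
    """Consume one IOS address spec (any / host X / addr wildcard); return (spec, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return f"{tokens[1]} 0.0.0.0", tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def parse_acl(text):
    """Parse 'show access-lists' output; the header and '(N matches)' counters are ignored."""
    acl = []
    for line in text.strip().splitlines():
        tokens = line.split("(")[0].split()
        if not tokens or not tokens[0].isdigit():
            continue
        seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
        src, rest = _take_addr(tokens[3:])
        dst, rest = _take_addr(rest)
        acl.append(Ace(seq, action, proto, src, dst, rest[0] if rest else None))
    return acl


def wildcard_match(spec, addr):
    """IOS wildcard mask: a 1 bit means 'don't care', so only the 0 bits are compared."""
    if spec == "any":
        return True
    base, wild = spec.split()
    care = 0xFFFFFFFF ^ int(IPv4Address(wild))
    return int(IPv4Address(base)) & care == int(IPv4Address(addr)) & care


def evaluate(acl, pkt):
    """First-match lookup with the implicit deny that ends every IOS ACL."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if not (wildcard_match(ace.src, pkt.src) and wildcard_match(ace.dst, pkt.dst)):
            continue
        if ace.icmp_type and ace.icmp_type != pkt.icmp_type:
            continue
        return ace.seq, ace.action
    return None, "deny"


def filter_action(router, pkt, filters):
    """A router with no ACL forwards everything; the model applies an ACL in both directions."""
    acl = filters.get(router)
    return "permit" if acl is None else evaluate(acl, pkt)[1]


def reply_returns(reply, routers, filters):
    return all(filter_action(r, reply, filters) == "permit" for r in routers)


def traceroute(path, target, src, filters):
    """One UDP probe per TTL (real IOS sends three); returns (displayed hops, probe reached LAN)."""
    display, reached = [], False
    for ttl in range(1, len(path) + 2):
        probe = Packet("udp", src, target)
        for i, router in enumerate(path):
            if filter_action(router, probe, filters) == "deny":
                shown = f"{router} !A"           # ICMP unreachable, administratively prohibited
                break
            if ttl == i + 1:                     # TTL expires at this hop
                reply = Packet("icmp", router, src, "time-exceeded")
                shown = router if reply_returns(reply, path[:i], filters) else "*"
                break
        else:                                    # probe arrived at the destination host
            reached = True
            reply = Packet("icmp", target, src, "port-unreachable")
            shown = target if reply_returns(reply, path, filters) else "*"
        display.append(shown)
        if shown.endswith("!A") or shown == target:
            break
    return display, reached


ACL_TEXT = """
Extended IP access list DENY-TRACEROUTE
    10 deny icmp any any time-exceeded
    20 deny icmp any any port-unreachable
    40 deny udp any 192.10.1.0 0.0.0.255 (12 matches)
    50 deny udp 192.10.1.0 0.0.0.255 any
    60 permit ip any any (65 matches)
"""
R1, R2, R5, TARGET = "132.1.0.1", "132.1.0.2", "132.1.45.5", "192.10.1.254"  # R1, R5 constructed
PATH = [R2, R5]


def scenarios():
    full = parse_acl(ACL_TEXT)
    icmp_only = [a for a in full if a.proto != "udp"]   # lines 10, 20 and 60 only
    return {
        "udp+icmp deny at R2": traceroute(PATH, TARGET, R1, {R2: full}),
        "icmp-only deny at R2": traceroute(PATH, TARGET, R1, {R2: icmp_only}),
    }


if __name__ == "__main__":
    for name, (hops, reached) in scenarios().items():
        print(f"{name}: {' / '.join(hops)}  (UDP probes reached LAN: {reached})")
```

The second scenario is the point a defender cares about: the ICMP-only filter makes the trace display "*" from hop 2 on, but the probes themselves still arrive on the 192.10.1.0/24 segment, so only the UDP deny (line 40) keeps the discovery traffic off the protected LAN. For comparison, stock Linux traceroute also defaults to UDP probes to high destination ports, whereas Windows tracert uses ICMP echo requests.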
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:58 GMT-3