Security Question (Traceroute)

From: Mike Haddad (mike.haddad@hotmail.com)
Date: Sun Mar 16 2008 - 00:32:40 ART

• Next message: Mike Haddad: "NBAR Classification Question"
• Previous message: S Malik: "Re: Route selection for Inter Area routes"
• Next in thread: Ahsan Mohiuddin: "Re: Security Question (Traceroute)"
• Maybe reply: Ahsan Mohiuddin: "Re: Security Question (Traceroute)"
• Maybe reply: Mike Haddad: "RE: Security Question (Traceroute)"
• Maybe reply: Joseph Saad: "Re: Security Question (Traceroute)"
• Maybe reply: Ahsan Mohiuddin: "RE: Security Question (Traceroute)"
• Maybe reply: Mike Haddad: "RE: Security Question (Traceroute)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

   I know that traceroute varies depening on the platform used. Some platform
use ICMP and some others use UDP as in cisco routers. THe issue is if I was
requested to allow traceroute inbound what should I choose UDP or ICMP?
ICMP ACL:
permit icmp any any time-exceeded
permit icmp any any port-unreachable

The above will allow traceroute Inbound and outbound

UDP AC:
Permit udp any any range 33434 33464

The above will allow traceroute Inbound and outbound using UDP

I appreciate your clarification and please correct me if I am incorrect,
Regards,

• Next message: Mike Haddad: "NBAR Classification Question"
• Previous message: S Malik: "Re: Route selection for Inter Area routes"
• Next in thread: Ahsan Mohiuddin: "Re: Security Question (Traceroute)"
• Maybe reply: Ahsan Mohiuddin: "Re: Security Question (Traceroute)"
• Maybe reply: Mike Haddad: "RE: Security Question (Traceroute)"
• Maybe reply: Joseph Saad: "Re: Security Question (Traceroute)"
• Maybe reply: Ahsan Mohiuddin: "RE: Security Question (Traceroute)"
• Maybe reply: Mike Haddad: "RE: Security Question (Traceroute)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART