Oops, my bad. Thought in real world terms.
Gosh, knowing how to deal (with anything) requires knowing the
details, and asking crazy things to force you to know the details
seems the name of the game.
Problem is that it is hard to be at the right "altitude" over the matter:
Too high, you miss the point. Too low, the problem is unsolvable
(cause you can send ANYTHING to trigger a TTL exceeded icmp response,
even a tcp open ala tcptraceroute).
Sorry for the noise,
-Carlos
Sergey Khalavchuk @ 1/05/2009 9:08 -0200 dixit:
> task wording required block outgoing packets, not inbound.
>
> and you ask why someone want to do such things? i think you can
> encounter and more crazy tasks in ccie labs :)
>
> On Fri, May 1, 2009 at 3:04 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>> Just filter the unreachables back...
>> ...but why would someone want to do that ???
>>
>> Sergey Khalavchuk @ 1/05/2009 8:46 -0200 dixit:
>>> two or three days ago i was asked to filter outgoing traceroute packets.
>>> matching on source UDP port is like a solution (if you know what ports
>>> are used) :)
>>>
>>> On Fri, May 1, 2009 at 2:17 PM, Dale Shaw <dale.shaw_at_gmail.com> wrote:
>>>> I reckon any task that asked you to do that wouldn't actually require
>>>> you to know the range :-)
>>>>
>>>> (in other words, it'd be a reflexive ACL or CBAC task where return
>>>> traffic associated outbound probes would be automagically permitted
>>>> based on a state table entry.)
>>>>
>>>> cheers,
>>>> Dale
>>>>
>>>> On Fri, May 1, 2009 at 1:57 PM, CCIE RS <cc13rs_at_gmail.com> wrote:
>>>>> Thanks for the Link Scott!
>>>>> I am asking this question form the perspective of LAB exam where, If asked
>>>>> to configure an ACL (Somewhere in the path), but still allow outgoing
>>>>> traceroute Packets.
>>>>> I know the UDP port range starts form 33434, but I am clueless about the
>>>>> upper limit. :(
>>>>>
>>>>> -CC13RS.
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Fri May 01 2009 - 10:19:13 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:41 ART