Firewalls: Re: traceroute

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: traceroute
From:	apilosov @ cantor . com
Date:	Fri, 06 Sep 96 12:01:21 EST
To:	firewalls @ GreatCircle . COM, "James Rippas (Technology)" <jrippas @ fcmc . com>

     AFAIK, traceroute operates by sending UDP packet destined for
     random port. So you can't really enable traceroute past packet filter.
     Maybe you can try looking at exact format of UDP packet traceroute sends
     and allow packets with just that combination of bytes. 
     But I bet someone smart can hack this setup.

     --alex

______________________________ Reply Separator _________________________________
Subject: traceroute
Author:  "James Rippas (Technology)" <jrippas @
 fcmc .
 com> at Internet
Date:    9/6/96 11:03 AM


Hi,
     
I'd like to know what ports/protocol I need to permit through a packet filter 
for traceroute to work.  I've tried just ICMP/traceroute, but that doesn't 
work. I suspect I need to let a UDP port through, but I'm not sure.
     
Thanks,
     
-jim

Follow-Ups:

Re: traceroute
From: Geoff Mulligan <geoff @ mulligan . com>
Re: traceroute
From: girsch @ marben . com (Arnaud Girsch)

Indexed By Date	Previous:	Re: authenticated/encrypted sessions From: Chris Garrigues <cwg @ DeepEddy . Com>
Indexed By Date	Next:	Re: Building a monitoring system From: Todd Graham Lewis <tlewis @ mindspring . com>
Indexed By Thread	Previous:	Re: traceroute From: Adrian Setton <asetton @ lightech . com . ar>
Indexed By Thread	Next:	Re: traceroute From: girsch @ marben . com (Arnaud Girsch)