traceroute works by sending *UDP* packets with short TTLs. The packets are sent
to a random high-numbered port on the target host.
ICMP is used for the reply messages, of which there are two:
- Time exceeded (sent by a router when the packet's TTL expires)
- Unreachable port (sent by the target host, because there is no service
listening on the random high-numbered port, well at least you hope there isn't :)

Regards,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
czarcone @ vf . lmco . com * Chris . Zarcone @ lmco . com * czarcone @ acm . org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My opinions do not necessarily reflect those of my employer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Guys,
>Maybe I'm just stupid today, but isn't traceroute just a series of ICMP packets
>with a specific Time-To-Live set in stages? And if ICMP packets are allowed,
>how do you block the "traceroute" program?
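The two reply types named in the message above can be separated from other ICMP traffic by reading the quoted probe header that every ICMP error message carries. The following is an added example, not part of the original post; the function names, addresses and port number are constructed for illustration, and checksums are left at zero and not verified.

```python
import struct

ICMP_TIME_EXCEEDED = 11   # code 0: TTL expired in transit (sent by a router)
ICMP_DEST_UNREACH = 3     # code 3: port unreachable (sent by the target host)
IPPROTO_UDP = 17

def build_probe_quote(ttl, src, dst, sport, dport):
    """Constructed sample: IPv4 header plus UDP header of a UDP probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl,
                     IPPROTO_UDP, 0, bytes(src), bytes(dst))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def build_icmp_error(icmp_type, code, quote):
    """ICMP error: type, code, checksum, 4 unused bytes, quoted datagram."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quote

def classify(icmp):
    """Return ('hop' | 'target', probe_dport) for a traceroute reply,
    or None for any other ICMP message."""
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code = icmp[0], icmp[1]
    if (icmp_type, code) == (ICMP_TIME_EXCEEDED, 0):
        kind = "hop"
    elif (icmp_type, code) == (ICMP_DEST_UNREACH, 3):
        kind = "target"
    else:
        return None
    quote = icmp[8:]                      # original IP header + 8 bytes
    if quote[0] >> 4 != 4:
        return None
    ihl = (quote[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(quote) < ihl + 8 or quote[9] != IPPROTO_UDP:
        return None                       # reply was not triggered by UDP
    _sport, dport = struct.unpack("!HH", quote[ihl:ihl + 4])
    return (kind, dport)

# Constructed sample traffic (documentation addresses, arbitrary high port).
PROBE = build_probe_quote(1, (192, 0, 2, 10), (198, 51, 100, 7), 40000, 45000)
HOP_REPLY = build_icmp_error(ICMP_TIME_EXCEEDED, 0, PROBE)
TARGET_REPLY = build_icmp_error(ICMP_DEST_UNREACH, 3, PROBE)
ECHO_REPLY = struct.pack("!BBHHH", 0, 0, 0, 1, 1) + b"x" * 28

if __name__ == "__main__":
    for name in ("HOP_REPLY", "TARGET_REPLY", "ECHO_REPLY"):
        print(name, classify(globals()[name]))
```

A filter built on this distinction can drop or log only the ICMP errors that quote a UDP probe while leaving echo traffic untouched.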