Great Circle Associates Firewalls
(April 1998)
 


Subject: RE: Questions about ICMP
From: Christopher Zarcone <czarcone @ vf . lmco . com>
Date: Wed, 08 Apr 1998 09:19:53 -0400 (EDT)
To: firewalls @ greatcircle . com
Reply-to: Christopher Zarcone <czarcone @ vf . lmco . com>

traceroute works by sending *UDP* packets with short TTLs. The packets are sent 
to a random high-numbered port on the target host.

ICMP is used for the reply messages, of which there are two:

- Time exceeded (sent by a router when the packet's TTL expires)
- Unreachable port (sent by the target host, because there is no service 
listening on the random high-numbered port, well at least you hope there isn't :)

Regards,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
czarcone @ vf . lmco . com  *  Chris . Zarcone @ lmco . com  *  czarcone @ acm . org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       My opinions do not necessarily reflect those of my employer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>Guys,

>Maybe I'm just stupid today, but isn't traceroute just a series of ICMP packets
>with a specific Time-To-Live set in stages?  And if ICMP packets are allowed, 
>how do you block the "traceroute" program?
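
The exchange described in the message above, as an added example that is not part of the original post: a classifier that labels raw IPv4 packets as a traceroute UDP probe, an ICMP time-exceeded reply, or an ICMP port-unreachable reply. The port threshold, TTL ceiling, helper names and sample packets are assumptions constructed for the example.

```python
import struct

# Assumptions of this example, not rules from the post: probes target UDP
# ports >= 33434 (the classic traceroute base port) with a TTL of at most 30.
HIGH_PORT, MAX_PROBE_TTL = 33434, 30

def ipv4(proto, ttl, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; constructed data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst)) + payload

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

def icmp_error(icmp_type, code, original):
    # ICMP error layout: type, code, checksum, 4 unused bytes, then the
    # offending packet's IP header plus the first 8 bytes of its payload.
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:28]

def parse_ip(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[8], pkt[9], pkt[ihl:]           # TTL, protocol, payload

def classify(pkt):
    """Label a raw IPv4 packet by its role in a UDP traceroute."""
    ttl, proto, body = parse_ip(pkt)
    if proto == 17 and len(body) >= 8:         # UDP: candidate probe
        dport = struct.unpack("!H", body[2:4])[0]
        if ttl <= MAX_PROBE_TTL and dport >= HIGH_PORT:
            return "udp-probe"
    elif proto == 1 and len(body) >= 36:       # ICMP quoting another packet
        _, quoted_proto, _ = parse_ip(body[8:])
        if quoted_proto == 17:                 # the reply concerns a UDP packet
            if (body[0], body[1]) == (11, 0):
                return "time-exceeded"         # sent by a router on the path
            if (body[0], body[1]) == (3, 3):
                return "port-unreachable"      # sent by the target host
    return "other"

# Constructed sample traffic (documentation address ranges).
SRC, HOP, DST = (192, 0, 2, 10), (198, 51, 100, 1), (203, 0, 113, 5)
PROBE = ipv4(17, 1, SRC, DST, udp(40000, 33434))
HOP_REPLY = ipv4(1, 64, HOP, SRC, icmp_error(11, 0, PROBE))
LAST_REPLY = ipv4(1, 64, DST, SRC, icmp_error(3, 3, PROBE))
ECHO = ipv4(1, 64, SRC, DST, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
DNS = ipv4(17, 64, SRC, DST, udp(40000, 53))

if __name__ == "__main__":
    for name in ("PROBE", "HOP_REPLY", "LAST_REPLY", "ECHO", "DNS"):
        print(name, classify(globals()[name]))
```

The ICMP echo request and the ordinary DNS query both come back as "other": the probes are UDP, so a packet filter sees this traceroute only as high-port UDP in one direction and these two ICMP error types in the other.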


