Guys,
Maybe I'm just stupid today, but isn't traceroute just a series of ICMP packets
with a specific Time-To-Live set in stages? And if ICMP packets are allowed,
how do you block the "traceroute" program?
Bob De Witt,
(old email address: rdew @
el .
nec .
com)
(new email address, after 4/10/98: rdew @
.
.
.
tbd .
.
.
)
The views expressed herein are my own,
and are not attributable to any other
source, be it employer, friend or foe.
> From Rick_McMaster @
freddiemac .
com Mon Apr 6 23:48:50 1998
> From: Rick_McMaster @
freddiemac .
com (McMaster, Rick)
> To: firewalls @
GreatCircle .
COM (firewalls), rramirez @
encomix .
es (Roman Ramirez)
> Mime-Version: 1.0
> Date: Wed, 01 Apr 1998 18:24:46 -0500
> Subject: RE: Questions about ICMP
>
>
> I do not have a real problem with ping to and from specific hosts, but I
> would never allow traceroute through my firewalls. Using traceroute a
> person can map your entire internal network.
>
> Rick
> ----------
> >From: Roman Ramirez
> >To: firewalls
> >Subject: Questions about ICMP
> >Date: Wednesday, April 01, 1998 6:27AM
> >
> >Hello:
> >
> >I have some questions about ICMP filtering, what kind of icmp packets
> >should I filter?
> >
> >In other way, what icmp options can I permit in packets?
> >
> >Im seeking for a RESTRICTIVE policy, but I need to let ping and
> >traceroute get out and in...
> >
> >Thx in advance
> >
> >--
> >http://www.encomix.es/users/patowc
> >mailto://rramirez @
encomix .
es
> >
> >
> >
> >
> >------ Message Header Follows ------
> >Received: from mailgate.freddiemac.com by msmail.freddiemac.com
> > (PostalUnion/SMTP(tm) v2.1.9f for Windows NT(tm))
> > id AA-1998Apr01.062736.1065.1051837; Wed, 01 Apr 1998 06:27:37 -0500
> >Received: from hq1xfwa.freddiemac.com (hq1xfwa1.freddiemac.com
> >[204.253.137.238])
> > by mailgate.freddiemac.com (8.8.5/8.8.5) with ESMTP id GAA19896
> > for <Rick_McMaster @
freddiemac .
com>; Wed, 1 Apr 1998 06:17:15 -0500 (EST)
> >Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by
> >hq1xfwa.freddiemac.com (8.8.5/nope) with ESMTP id FAA21482 for
> ><Rick_McMaster @
freddiemac .
com>; Wed, 1 Apr 1998 05:54:00 -0500 (EST)
> >Received: from honor.greatcircle.com by relay1.UU.NET with ESMTP
> > (peer crosschecked as: honor.greatcircle.com [198.102.244.44])
> > id QQejfh19043; Wed, 1 Apr 1998 06:19:35 -0500 (EST)
> >Received: (majordom @
localhost) by honor.greatcircle.com
> >(8.8.5/Honor-Lists-970926-1) id WAA26565; Tue, 31 Mar 1998 22:14:42 -0800
> >(PST)
> >Received: from mesache.encomix.es (mesache.encomix.es [194.143.192.3]) by
> >honor.greatcircle.com (8.8.5/Honor-980202-1) with SMTP id WAA26533 for
> ><firewalls @
greatcircle .
com>; Tue, 31 Mar 1998 22:14:28 -0800 (PST)
> >Received: (qmail 2500 invoked from network); 1 Apr 1998 06:16:35 -0000
> >Received: from hell.encomix.es (HELO encomix.es) (root @
194 .
143 .
192 .
22)
> > by mesache.encomix.es with SMTP; 1 Apr 1998 06:16:35 -0000
> >Message-ID: <3521DBD2 .
B29513E0 @
encomix .
es>
> >Date: Wed, 01 Apr 1998 08:16:50 +0200
> >From: Roman Ramirez <rramirez @
encomix .
es>
> >Organization: EncomIX
> >X-Mailer: Mozilla 4.04 [en] (X11; I; Linux 2.1.91 i586)
> >MIME-Version: 1.0
> >To: firewalls @
GreatCircle .
COM
> >Subject: Questions about ICMP
> >Content-Type: text/plain; charset=us-ascii
> >Content-Transfer-Encoding: 7bit
> >Sender: firewalls-owner @
GreatCircle .
COM
> >Precedence: bulk
> >
> >
>
>
>
Follow-Ups:
|
|
