Firewalls: Re: Questions about ICMP

Firewalls
(April 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Questions about ICMP
From:	Smoot Carl-Mitchell <smoot @ tic . com>
Date:	Tue, 07 Apr 1998 23:16:35 -0500
To:	firewalls @ greatcircle . com
In-reply-to:	Your message of "Tue, 07 Apr 1998 17:28:15 PDT." <199804080028 . RAA21081 @ yginsburg . el . nec . com>

>Maybe I'm just stupid today, but isn't traceroute just a series of ICMP packet
>s
>with a specific Time-To-Live set in stages?  And if ICMP packets are allowed, 
>how do you block the "traceroute" program?

Traceroute uses UDP packets to a high port number with the TTL incremented by
one for each packet sent.  It listens for the ICMP Time Expired packets
returning.  That is where it derives the IP addresses of each hop.


Smoot Carl-Mitchell
Texas Internet Consulting
1106 Clayton Lane, Suite 500W
Austin, TX 78723

+1 512 451-6176

Follow-Ups:

Re: Questions about ICMP
From: "Gregory D. Otto" <gdo @ newf . com>

References:

RE: Questions about ICMP
From: rdew @ el . nec . com (Bob De Witt)

Indexed By Date	Previous:	who is responsible? From: alchodu @ wetwetwet . com
Indexed By Date	Next:	Livingston's IRX211 firewall router From: Powertel Boca Ltd <natrajs @ pugmarks . whowho . com>
Indexed By Thread	Previous:	Re: Questions about ICMP From: "Michael H. Warfield" <mhw @ wittsend . com>
Indexed By Thread	Next:	Re: Questions about ICMP From: "Gregory D. Otto" <gdo @ newf . com>