Great Circle Associates Firewalls
(April 1998)
 


Subject: Re: Questions about ICMP
From: Jean-Christophe Touvet <jct @ EdelWeb . fr>
Date: Wed, 08 Apr 1998 13:33:52 +0200
To: rdew @ el . nec . com (Bob De Witt)
Cc: firewalls @ greatcircle . com, rramirez @ encomix . es, Rick_McMaster @ freddiemac . com
In-reply-to: <199804080028 . RAA21081 @ yginsburg . el . nec . com>

> Maybe I'm just stupid today, but isn't traceroute just a series of ICMP
> packets with a specific Time-To-Live set in stages?

 Actually, there are two main flavors of traceroute:

1. UNIX (Van Jacobson's): high-numbered UDP ports incoming (usually UDP ports
33434 + 3*TTL), ICMP_TIMXCEED or ICMP_UNREACH_PORT outgoing

2. Windows: ICMP_ECHO incoming, ICMP_TIMXCEED or ICMP_ECHOREPLY outgoing

 Any IP protocol could be used. Incidentally, we have developed a TCP variant
which works very well.

> And if ICMP packets are allowed,
> how do you block the "traceroute" program?

 You can't.

    -JCT-
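
Added example, not part of the original message: a Python sketch of how someone reviewing firewall logs could recognize both flavors listed above, by looking for a source whose probes arrive with consecutive TTL values. The packet tuple layout, the 30-hop limit, the three-TTL threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

UDP_BASE = 33434   # base UDP port quoted in the message above
MAX_HOPS = 30      # assumption: usual traceroute hop limit
ICMP_ECHO = 8      # ICMP type number of an echo request

def flavor(proto, detail):
    """Map one inbound packet to the traceroute flavor it could belong to."""
    if proto == "udp" and UDP_BASE <= detail <= UDP_BASE + 3 * MAX_HOPS:
        return "unix"
    if proto == "icmp" and detail == ICMP_ECHO:
        return "windows"
    return None

def find_traces(packets, min_ttls=3):
    """Return {(src, dst, flavor): sorted arrival TTLs} for likely traces.

    Ordinary traffic from one host arrives with a single TTL value; staged
    probes arrive with several consecutive ones, so a flow is flagged when
    it shows a run of at least min_ttls consecutive TTL values.
    """
    seen = defaultdict(set)
    for src, dst, proto, ttl, detail in packets:
        kind = flavor(proto, detail)
        if kind:
            seen[(src, dst, kind)].add(ttl)
    hits = {}
    for key, ttls in seen.items():
        ordered = sorted(ttls)
        run = best = 1
        for a, b in zip(ordered, ordered[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        if best >= min_ttls:
            hits[key] = ordered
    return hits

# Constructed sample: (src, dst, proto, ttl_on_arrival, udp_dport_or_icmp_type)
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", "udp", 1, 33449),
    ("192.0.2.10", "198.51.100.5", "udp", 2, 33452),
    ("192.0.2.10", "198.51.100.5", "udp", 3, 33455),
    ("192.0.2.20", "198.51.100.5", "icmp", 1, 8),
    ("192.0.2.20", "198.51.100.5", "icmp", 2, 8),
    ("192.0.2.20", "198.51.100.5", "icmp", 3, 8),
    ("192.0.2.30", "198.51.100.5", "icmp", 52, 8),  # ordinary ping
    ("192.0.2.40", "198.51.100.5", "udp", 57, 53),  # DNS query
]

if __name__ == "__main__":
    for (src, dst, kind), ttls in find_traces(SAMPLE).items():
        print(f"{kind} traceroute {src} -> {dst}, arrival TTLs {ttls}")
```

Probes carried in any other protocol, such as the TCP variant mentioned in the message, pass this check unflagged.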

