Re: Re[2]: disable traceroute to my host

From: alexus (ml@db.nexgen.com)
Date: 06/27/01 

From: "alexus" <ml@db.nexgen.com>
To: "3APA3A" <3APA3A@SECURITY.NNOV.RU>, "Peter Jeremy" <peter.jeremy@alcatel.com.au>
Date: Wed, 27 Jun 2001 14:35:04 -0400

from someone earlier post.. i suggest to check this out

http://www.isi.edu/in-notes/iana/assignments/icmp-parameters

----- Original Message -----
From: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
To: "Peter Jeremy" <peter.jeremy@alcatel.com.au>
Cc: "alexus" <ml@db.nexgen.com>; <freebsd-security@FreeBSD.ORG>
Sent: Wednesday, June 27, 2001 3:43 AM
Subject: Re[2]: disable traceroute to my host

> Hello Peter,
>
>
>
> --Wednesday, June 27, 2001, 1:15:04 AM, you wrote to
3APA3A@SECURITY.NNOV.RU:
>
> PJ> On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:
> >>deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out
> >>
> >>0 - to stop windows traceroute and ping
> >>3 - to stop BSD-style traceroute
> >>11 - to prevent intermediate router to reply traceroute
>
> PJ> Blocking ICMP type 3 will break Path-MTU discovery (which relies on
> PJ> type 3 code 4).
>
> It's possible to combine - deny incoming UDP and outgoing ICMP types
> 0, 11.
>
> In any case - there are thousand ways to discover route. Use NAT to
> hide internal network.
>
> PJ> Peter
>
> PJ> To Unsubscribe: send mail to majordomo@FreeBSD.org
> PJ> with "unsubscribe freebsd-security" in the body of the message
>
>
> --
> ~/3APA3A
> Всегда будем рады послушать ваше чириканье (Твен)
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message