Re: [TCLUG:17580] ICMP Types

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:17580] ICMP Types
From: Mike Hicks <hick0088@tc.umn.edu>
Date: Fri, 12 May 2000 12:07:57 -0500
References: <005a01bfbc33$7e516240$0301a8c0@asterix>
Sender: mike@3po.dhs.org

Jeff Lehman wrote:
> 
> Anyone know which ICMP types traceroute uses so that i can block them out?  I've blocked ttl-exceeded, but that doesn't seem to work. TIA

The traceroute man page seems to imply that traceroute uses UDP by
default, and merely relies on the routers and hosts along the path to
respond with an ICMP ttl-exceeded packet.  However, traceroute can use
ICMP echo-request packets instead of UDP when used with the `-I' option.

There are a couple of things you can do.  One is to not respond with an
ICMP ttl-exceeded packet, and another is to drop incoming packets with
low ttl's (like below 5 would probably be reasonable).

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   What's another word for 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   'thesaurus?' 
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@tc.umn.edu ]

Follow-Ups:
- Free DEC VT 220.
  - From: Tim Neu <tim@tneu.visi.com>

References:
- ICMP Types
  - From: "Jeff Lehman" <jeffclehman@mediaone.net>

Prev by Date: Re: [TCLUG:17578] Partition: swap
Next by Date: Re: [TCLUG:17576] gpm?
Prev by thread: ICMP Types
Next by thread: Free DEC VT 220.
Index(es):
- Date
- Thread