On Thursday, 2001/10/04 at 16:20 AST, "Bilotti, Matthew"
<[EMAIL PROTECTED]> wrote:
> Does anyone know what the correct response a firewall should have when
> blocking a traceroute?
> I assume it should not reply with a port unreachable.
You're right - it shouldn't respond with "port unreachable".
A firewall doesn't really know when a traceroute is being done - it only
sees the individual packets involved in the traceroute sequence.
There are 2 types of traceroute probes commonly used:

1. UDP packets to high ports (the original traceroute implementations did
   this) - A firewall blocking this can either send back nothing or "ICMP
   destination unreachable, administratively prohibited".

2. ICMP echo request packets - Normally nothing would be sent back (in the
   spirit of "don't send ICMP packets in response to ICMP packets"), but
   since this is an echo request I think it would also be ok to send back
   "ICMP destination unreachable, administratively prohibited".
Responses (by other systems) to traceroute probes are ICMP packets ("dest.
unreachable") - if blocking these, nothing should be sent back to the
responder.
Tony Rall
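The policy in the reply above, written out as a small model a filter implementer could check against. This is an added example, not code from the thread or from any firewall product: the packet records are constructed dicts, the function and constant names are my own, the classic-traceroute UDP port base of 33434 and the 20-byte option-less IP header assumed by the ICMP builder are assumptions, and the ICMP error class is widened beyond the "dest. unreachable" the reply mentions to include "time exceeded", since the same never-answer-an-ICMP-error rule (RFC 1122) applies to both.

```python
"""Firewall response model for blocked traceroute probes (added example)."""

# ICMP message types and codes (RFC 792 / RFC 1812).
ICMP_ECHO_REQUEST = 8
ICMP_DEST_UNREACH = 3
ICMP_TIME_EXCEEDED = 11
ICMP_ADMIN_PROHIBITED = 13        # code under type 3: "communication administratively prohibited"
ICMP_ERROR_TYPES = {ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED}

# Assumption: classic UNIX traceroute starts its UDP probes at port 33434 and counts up.
UDP_PROBE_PORT_MIN = 33434

# The two things a blocking firewall may do, per the thread: stay silent, or
# send back an ICMP type 3 / code 13 error.
DROP = "drop"
REJECT_ADMIN = "reject:icmp-type3-code13"


def classify(pkt):
    """Bucket a constructed packet record into the probe kinds discussed above."""
    proto = pkt.get("proto")
    if proto == "udp" and pkt.get("dport", 0) >= UDP_PROBE_PORT_MIN:
        return "udp-probe"
    if proto == "icmp":
        icmp_type = pkt.get("type")
        if icmp_type == ICMP_ECHO_REQUEST:
            return "icmp-echo-request"
        if icmp_type in ICMP_ERROR_TYPES:
            return "icmp-error"           # someone else's reply to a probe
        return "icmp-other"
    return "other"


def blocking_response(pkt, reject_udp=True, reject_echo=False):
    """What to send back when this packet is blocked.

    reject_udp:  answer UDP probes with admin-prohibited (True) or silently drop (False).
    reject_echo: the reply calls admin-prohibited "also ok" for echo requests; default is silence.
    ICMP error messages are never answered, whatever the flags say.
    """
    kind = classify(pkt)
    if kind == "udp-probe":
        return REJECT_ADMIN if reject_udp else DROP
    if kind == "icmp-echo-request":
        return REJECT_ADMIN if reject_echo else DROP
    # icmp-error, icmp-other, other: blocked silently.
    return DROP


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_admin_prohibited(original_datagram: bytes) -> bytes:
    """Build the ICMP payload for a type 3 / code 13 error.

    Assumption: the offending datagram has a 20-byte IP header without options,
    so the quoted portion is that header plus the first 8 bytes of its payload.
    """
    quoted = original_datagram[:28]
    header = bytes([ICMP_DEST_UNREACH, ICMP_ADMIN_PROHIBITED, 0, 0,   # type, code, checksum placeholder
                    0, 0, 0, 0])                                       # unused field
    message = header + quoted
    csum = inet_checksum(message)
    return message[:2] + csum.to_bytes(2, "big") + message[4:]


if __name__ == "__main__":
    # Constructed sample packets, one per kind discussed in the thread.
    samples = [
        {"proto": "udp", "dport": 33434},                       # classic traceroute probe
        {"proto": "icmp", "type": ICMP_ECHO_REQUEST, "code": 0},  # ICMP-based traceroute probe
        {"proto": "icmp", "type": ICMP_DEST_UNREACH, "code": 3},  # a host's reply to a probe
        {"proto": "icmp", "type": ICMP_TIME_EXCEEDED, "code": 0}, # a hop's reply to a probe
    ]
    for p in samples:
        print(classify(p), "->", blocking_response(p))
```

The `reject_udp` default reflects the "either nothing or admin-prohibited" choice in the reply; `reject_echo` defaults to silence so the stricter reading wins unless an operator opts in. The builder exists so a reader can see that the reject path carries a copy of the blocked packet's header, which is what lets the probing host match the error to its probe.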
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls