On Fri, 5 Oct 2001, Bernd Eckenfels wrote:

> On Thu, Oct 04, 2001 at 04:12:14PM -0400, Bilotti, Matthew wrote:
> > Does anyone know what the correct response a Firewall should have when
> > blocking a traceroute.
> > I assume it should not reply with a port unreachable.
>
> There is no best current practice. You can just drop it if you are paranoid, you
> can reject it if you want to be nice to the community and you can fake
> answers if you have too much spare time and feel playful.

Actually discussed this on another list. The consensus was that rejecting with an error message made it look like the host or port was unavailable, while just dropping the request on the floor alluded to a firewall.

HTH.

--
-- John E. Jasen ([EMAIL PROTECTED])
-- In theory, theory and practise are the same. In practise, they aren't.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
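
The drop and reject options discussed in this thread differ in what, if anything, goes back on the wire. The sketch below is an added example, not code from any poster: it builds the ICMP destination-unreachable message a rejecting firewall would send for a UDP traceroute-style probe, next to the silent drop. The policy names, the sample addresses and the probe are constructed for illustration, and the "administratively prohibited" code (13, RFC 1812) is included as a reject variant the thread does not mention.

```python
import struct

# ICMP type 3 (destination unreachable) codes
PORT_UNREACHABLE = 3    # what an ordinary host sends for a closed UDP port
ADMIN_PROHIBITED = 13   # RFC 1812: communication administratively prohibited


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_unreachable(code: int, probe: bytes) -> bytes:
    """ICMP error quoting the probe's IP header plus its first 8 payload bytes."""
    ihl = (probe[0] & 0x0F) * 4
    quoted = probe[: ihl + 8]
    # type, code, checksum (zero while summing), 4 unused bytes
    csum = inet_checksum(struct.pack("!BBHI", 3, code, 0, 0) + quoted)
    return struct.pack("!BBHI", 3, code, csum, 0) + quoted


def firewall_response(policy: str, probe: bytes):
    """Hypothetical policy names; returns ICMP bytes, or None for a silent drop."""
    if policy == "drop":
        return None                      # sender sees only a timeout
    if policy == "reject-port":
        return build_unreachable(PORT_UNREACHABLE, probe)
    if policy == "reject-admin":
        return build_unreachable(ADMIN_PROHIBITED, probe)
    raise ValueError(f"unknown policy: {policy}")


def sample_probe() -> bytes:
    """Constructed probe: UDP 192.0.2.10:40000 -> 198.51.100.7:33434, TTL 1."""
    udp = struct.pack("!HHHH", 40000, 33434, 8 + 4, 0) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + udp  # IP header checksum left as 0 in this constructed sample


if __name__ == "__main__":
    for policy in ("drop", "reject-port", "reject-admin"):
        reply = firewall_response(policy, sample_probe())
        print(policy, "->", "no reply" if reply is None else reply[:8].hex())
```
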
