On Wed, 2002-11-27 at 12:13, Michael wrote: > In the case of my setup, I have to reject with host unreachable because I drop all >outbound ICMP port unreachable packets to block traceroutes..
why not drop inbound packets with ttl's low enough to produce a host unreachable (and possibly log them so you know someone is tracerouting you)
