[EMAIL PROTECTED] writes: > There are some hacks based on ICMP like the icmp redirect message. > So is there a specific danger to allow this from your internal network? > I don't know depends on how much you trust the people on your internal network > I suppose.
Well, on my home network it's just me, so that figure would be ~100%, but I suppose I can't necessarily say the same about my company's internal network. > I have done a network monitor of a traceroute session and traceroute uses > identical packets as ping does just with shorter TTL. > Traceroute in ms is based on the fact that if the ttl becomes 0 the > router that drops the packet because of this sends you a time to live exceeded > in transmit back. (This message contains the routers ip address). Ah. Very interesting. Now I begin to see how UDP packets could do the "traceroute magic" as well... > Ms traceroute sends 3 of these packages to every hop. > So if 1 of them is timing out it is probably a site between you and > your traceroute target that has icmp replies filtered. > > Bottom line it is probably out of your hands. Someone on the road is > blocking icmp. It doesn't kill traceroute but it means your missing one hop. Um, right. It's the first hop. My Bering firewall. That's what we were talking about... -- Dan Harkless [EMAIL PROTECTED] http://harkless.org/dan/ ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html