@puck.nether.net; Pekka Savola
Subject: Re: [j-nsp] Block traceroute and Allow Ping
This will block some types of traceroute, but a client can always use
different ports.
Why do you want to block traceroute?
On 29/09/2009, at 8:42 PM, Iftikhar Ahmed wrote:
Atif,
Try to apply a filter to loop-back
On Wed, Sep 30, 2009 at 5:09 AM, Masood Shah masoods...@juniper.net wrote:
If you are REALLY paranoid, you can DROP all UDP traffic and then only open
the ports that you have services running on. Sometimes this is easier said
than done though.
I wouldn't call this paranoia. I would call
Any blind filtering will have side-effects. Setting the bar
correctly can be difficult. It is important to regularly review
filtering policies, remove the ones that are not of value and place
new ones in. If it's just something where people pile on block-more,
MORE,
On Wed, Sep 30, 2009 at 11:44 AM, David Ball davidtb...@gmail.com wrote:
If I'm not mistaken, this year's migration to DNS servers
supporting randomized source UDP ports (based on the Kaminsky thing)
may throw a wrench into some notions of filtering UDP traffic across
their network. I know
Hi,
I want to block traceroute transit traffic on router but I want to allow
ping transit traffic. Kindly let me know ICMP Type and Code for traceroute
and kindly let me know procedure to block traceroute but allow ping.
On Tue, 29 Sep 2009, Muhammad Atif Jauahar wrote:
I want to block traceroute transit traffic on router but I want to allow
ping transit traffic. Kindly let me know ICMP Type and Code for traceroute
and kindly let me know procedure to block traceroute but allow ping.
You can't if you want to
Atif,
Try to apply a filter to loop-back interface with something like
term traceroute { /* permit traceroute udp packets */
    from {
        protocol udp;
        destination-port 33434-33678;
    }
    then {
        count
This will block some types of traceroute, but a client can always use
different ports.
Why do you want to block traceroute?
On 29/09/2009, at 8:42 PM, Iftikhar Ahmed wrote:
Atif,
Try to apply a filter to loop-back interface with something like
term traceroute { /* permit