RE: strange traceroute output

Fri, 18 Jan 2002 10:49:01 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One thing to remember. Unix-like systems use UDP packets for
traceroutes as opposed to using ICMP packets like windows.
Could it be you are filtering UDP packets? 

TP


#    -----Original Message-----
#    From: Daniel Ferguson [mailto:[EMAIL PROTECTED]]
#    Sent: Wednesday, January 16, 2002 11:16 AM
#    To: [EMAIL PROTECTED]
#    Subject: RE: strange traceroute output
#    
#    
#    If you're specifying the types of icmp to let through the 
#    firewall, a
#    traceroute replies with an icmp "time-exceeded". If you 
#    are specifying icmp
#    types make sure you're allowing that one back through from 
#    the net to get
#    the traceroute reply.
#    
#    -----Original Message-----
#    From: VASILIOS CHOUVARDAS [mailto:[EMAIL PROTECTED]]
#    Sent: 15 January 2002 04:56
#    Cc: [EMAIL PROTECTED]
#    Subject: Re: strange traceroute output
#    
#    
#    It seems to me that your firewall drops any ICMP 
#    (traceroute uses ICMP)
#    packet coming from the outside with destination your servers.
#    Check the firewall rules.
#    
#    Vasilios Chouvardas
#    
#    "Chris Boyd (Admin)" wrote:
#    
#    >
#    > Have a 512k connection to internet with an NTU (is a 
#    Martis STU-2304 if
#    > that matters) connected to a Cisco 1605 using both 
#    interfaces. One has an
#    > IP range from the ISP which are used by web/email 
#    servers running Linux
#    > RH 7.1 and the other has the internal IP's
#    > set(192.168.0.0) which are used by workstations(unfortun. Win
98
#    > machines). A firewall is on the servers running stripped 
#    down RH 6.2.
#    >  When doing a traceroute from the servers I'm getting 
#    the following
#    > return.
#    >  traceroute www.esat.net (our ISP)
#    > traceroute to www.esat.net (193.120.15.2), 30 hops max, 
#    38 byte packets
#    >  1  defunct (194.125.x.x)  1.646 ms  0.455 ms  0.443 ms 
#    (firewall)
#    >  2  * * *
#    >  3  * * *
#    >  4  * * *
#    >  5  * *
#    > and continues on for 30 hops.
#    > Doesn't do this from the workstations only from servers.
#    > This happens when I try this on any address outside the 
#    network. I'm not
#    > sure if its something with the firewall possibly or is 
#    it some form of DoS
#    > maybe.
#    > Any ideas.
#    > If need more info just ask.
#    >
#    > Thanks
#    >
#    > Security Newbie
#    

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPEcQ7qcpngnXKJlsEQLqVQCfcXR6IdJ4wIJzIZm3vvzoySRA3dAAn3tf
00AzkNKUo2E5NWM11z3n4898
=A0O3
-----END PGP SIGNATURE-----

Reply via email to