From owner-freebsd-security Fri Nov 24 5:15:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.mclink.it (net128-053.mclink.it [195.110.128.53]) by hub.freebsd.org (Postfix) with ESMTP id 1DF9437B479 for ; Fri, 24 Nov 2000 05:15:37 -0800 (PST)
Received: from net147-007.mclink.it (net147-007.mclink.it [195.110.147.7]) by mail.mclink.it (8.9.3/8.9.0) with ESMTP id OAA03218; Fri, 24 Nov 2000 14:15:27 +0100 (CET)
Date: Fri, 24 Nov 2000 14:08:47 +0100
From: Massimo Fubini
X-Mailer: The Bat! (v1.45)
Reply-To: Massimo Fubini
X-Priority: 3 (Normal)
Message-ID: <18813810961.20001124140847@aexis-telecom.it>
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re[2]: ipf - icmp
In-reply-To:
References: <20001124134218.A17181@nevermind.kiev.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Dag-Erling and all the group,

Friday, November 24, 2000, 12:52:14 PM, you wrote:

DES> Nevermind writes:
>> > No. There is no way to completely prevent someone from tracerouting
>> > you. You can make it slightly harder by blocking incoming UDP (which
>> > your ruleset does not), but that's about it.

Traceroute is based on TTL expiration. What you can do is block all packets with a small TTL, so you will never have a TTL == 0 in your internal network. If you have no more than 3 hops in your internal network and you discard all packets with a TTL < 4, you will never have TTL expiration, and this will make it very hard for programs like traceroute or firewalk to map your internal network.

Something can be done to understand whether a port is closed at the firewall or at the host, but that is another topic.

Best regards,
Massimo

PS It is my first post to *@freebsd.org; I'm a beginner with FreeBSD and hope I will learn a lot from these lists.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
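The TTL-floor idea in the message above, as an added simulation that is not code from the original post and not ipf rule syntax. A firewall drops every packet whose TTL is below a threshold, so no probe can reach TTL 0 on a router behind it, and no internal router ever answers a traceroute or firewalk probe with ICMP time-exceeded. The topology, hop names, addresses and thresholds are constructed for illustration. It assumes every router decrements the TTL by one and a host accepts a packet arriving with TTL >= 1; the `check_on_ingress` flag selects whether the rule sees the TTL as the packet arrives or the TTL the firewall will forward after its own decrement, because the threshold that hides every internal router differs by one between the two, and `required_min_ttl` computes it for either case.

```python
"""
Added example (not from the original message, not ipf syntax): simulate
a firewall TTL floor and what a traceroute-style probe sequence observes.
All hop names, addresses and thresholds below are constructed.
"""
import struct


def build_ipv4_header(ttl, proto=17, src="198.51.100.7", dst="10.0.3.20"):
    """Minimal 20-byte IPv4 header; only the TTL field matters here.
    The header checksum is left at zero (a kernel would fill it in)."""
    def ip2int(s):
        return struct.unpack("!I", bytes(int(o) for o in s.split(".")))[0]
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBHII", ver_ihl, 0, 20, 0, 0,
                       ttl, proto, 0, ip2int(src), ip2int(dst))


def ttl_of(packet):
    """TTL is byte 8 of the IPv4 header."""
    return packet[8]


def forward(packet, routers, firewall_index, min_ttl=None, check_on_ingress=False):
    """Push one packet through `routers` (index firewall_index is the
    firewall). Returns ("dropped", fw) when the TTL floor rule discards
    it silently, ("expired", hop) when a router decrements TTL to 0 and
    would answer ICMP time-exceeded, or ("delivered", None) otherwise."""
    ttl = ttl_of(packet)
    for i, hop in enumerate(routers):
        rule_here = i == firewall_index and min_ttl is not None
        if rule_here and check_on_ingress and ttl < min_ttl:
            return ("dropped", hop)          # tested on the arriving TTL
        ttl -= 1
        if rule_here and not check_on_ingress and ttl < min_ttl:
            return ("dropped", hop)          # tested on the forwarded TTL
        if ttl == 0:
            return ("expired", hop)          # this hop sends time-exceeded
    return ("delivered", None)


def traceroute(routers, firewall_index, min_ttl=None, check_on_ingress=False, max_ttl=16):
    """One result per probe TTL, stopping once a probe reaches the host."""
    trace = []
    for probe_ttl in range(1, max_ttl + 1):
        status, who = forward(build_ipv4_header(probe_ttl), routers,
                              firewall_index, min_ttl, check_on_ingress)
        trace.append((probe_ttl, status, who))
        if status == "delivered":
            break
    return trace


def exposed_internal_routers(trace, routers, firewall_index):
    """Routers behind the firewall that answered time-exceeded."""
    internal = set(routers[firewall_index + 1:])
    return [who for _, status, who in trace if status == "expired" and who in internal]


def required_min_ttl(internal_hops, check_on_ingress=False):
    """Smallest threshold under which no internal router can reach TTL 0:
    after the firewall's decrement a packet needs TTL >= internal_hops + 1
    to cross every internal router and still reach the host with TTL 1;
    if the rule sees the TTL before that decrement, add one more."""
    return internal_hops + 1 + (1 if check_on_ingress else 0)


# Constructed topology: two upstream routers, the firewall, three internal hops.
ROUTERS = ["isp-rtr", "border-rtr", "fw", "int-rtr1", "int-rtr2", "int-rtr3"]
FW = ROUTERS.index("fw")

if __name__ == "__main__":
    cases = [("no TTL rule", None, False),
             ("drop ttl < 4, rule sees forwarded TTL", 4, False),
             ("drop ttl < 4, rule sees arriving TTL", 4, True),
             ("drop ttl < 5, rule sees arriving TTL", 5, True)]
    for label, floor, ingress in cases:
        trace = traceroute(ROUTERS, FW, floor, ingress)
        print(f"{label}: exposed internal routers = "
              f"{exposed_internal_routers(trace, ROUTERS, FW)}")
```

With no rule, the three internal routers each answer one probe. With the post's threshold of 4 applied to the forwarded TTL, none of them do; the same threshold applied to the arriving TTL still lets the third internal router expire a probe, so a filter that tests packets as they come in needs one more than that for three internal hops.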