Date: Wed, 27 Jun 2001 07:15:04 +1000 From: Peter Jeremy <peter.jeremy@alcatel.com.au> To: 3APA3A <3APA3A@SECURITY.NNOV.RU> Cc: alexus <ml@db.nexgen.com>, freebsd-security@FreeBSD.ORG Subject: Re: disable traceroute to my host Message-ID: <20010627071504.P95583@gsmx07.alcatel.com.au> In-Reply-To: <3181060651.20010626150813@SECURITY.NNOV.RU>; from 3APA3A@SECURITY.NNOV.RU on Tue, Jun 26, 2001 at 03:08:13PM %2B0400 References: <006a01c0fb6b$2d64d830$9865fea9@book> <771487721300.20010623150519@SECURITY.NNOV.RU> <009201c0fdad$57c2af00$9865fea9@book> <3181060651.20010626150813@SECURITY.NNOV.RU>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2001-Jun-26 15:08:13 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote: >deny ICMP from (YOURNETWORK) to any icmptypes 0,3,11 out > >0 - to stop windows traceroute and ping >3 - to stop BSD-style traceroute >11 - to prevent intermediate router to reply traceroute Blocking ICMP type 3 will break Path-MTU discovery (which relies on type 3 code 4). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010627071504.P95583>