Date: Sat, 27 Dec 2003 09:16:24 +0100
From: Uwe Doering <gemini@geminix.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Can't traceroute to my box
Message-ID: <3FED3FD8.9000104@geminix.org>
In-Reply-To: <NEBBLHKFIKHLKPNHEDBOMENJAOAB.frankd@iaw.on.ca>
References: <NEBBLHKFIKHLKPNHEDBOMENJAOAB.frankd@iaw.on.ca>

Frank DeChellis wrote:
> Hi.
>
> I am new to FreeBSD. I have been using NetBSD for about 9 years. I have
> FreeBSD v. 4.8 Release #1 running. Everything is smooth except for one
> thing.
>
> I can't traceroute to the box. I can do a traceroute -I to it, but not a
> regular traceroute, which tells me something about UDP, but I don't know
> where to look.
>
> Is there a file somewhere that is closing certain UDP ports that respond to
> traceroute?

Apart from the usual suspect (firewall filtering out the incoming UDP
and/or outgoing ICMP packets), what does

    sysctl net.inet.udp.blackhole

show? If it is _not_ 0 it means that UDP ports that are not in use
don't generate a response, which implies that the normal 'traceroute'
won't work. This feature is intended to make the life of (port
scanning) hackers even more miserable than it must be already. There
is a related variable for TCP as well (net.inet.tcp.blackhole).

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
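
Added example, not part of the original message: a small Python check of what a UDP sender sees when an unused port answers with ICMP port-unreachable versus when nothing comes back, which is the effect the message attributes to a non-zero net.inet.udp.blackhole. The function names are made up for this example, and the "silent" case uses a bound socket that never replies as a stand-in for a blackholed port.

```python
import socket


def probe_udp_port(host, port, timeout=1.0):
    """Send one UDP datagram, as traceroute's final probe does, and classify the result.

    "port-unreachable": the kernel received ICMP port-unreachable, which a
                        connected UDP socket reports as ECONNREFUSED.
    "reply":            an application on that port answered.
    "no-response":      nothing came back before the timeout (filtered,
                        blackholed, or a listener that stays quiet).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connect() so ICMP errors are delivered to us
        try:
            s.send(b"probe")
            s.recv(512)
            return "reply"
        except ConnectionRefusedError:
            return "port-unreachable"
        except socket.timeout:
            return "no-response"


def unused_udp_port():
    """Ask the kernel for a free UDP port on loopback, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe a closed port and a silent port on the local machine only."""
    closed = probe_udp_port("127.0.0.1", unused_udp_port())
    # Stand-in for a blackholed port: bound, but it never sends anything back.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as silent:
        silent.bind(("127.0.0.1", 0))
        quiet = probe_udp_port("127.0.0.1", silent.getsockname()[1], timeout=0.5)
    return closed, quiet


if __name__ == "__main__":
    closed, quiet = demo()
    print("closed port:", closed)   # what traceroute needs to finish
    print("silent port:", quiet)    # what traceroute sees as '* * *'
```

On a FreeBSD host with net.inet.udp.blackhole set to a non-zero value, the closed-port probe against that host would be expected to report "no-response" as well.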