From owner-freebsd-security  Fri Jun 22 16: 4:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP
	id D652337B408; Fri, 22 Jun 2001 16:04:48 -0700 (PDT)
	(envelope-from brdavis@odin.ac.hmc.edu)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id f5MN4h200469;
	Fri, 22 Jun 2001 16:04:43 -0700
Date: Fri, 22 Jun 2001 16:04:43 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: alexus <ml@db.nexgen.com>
Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re: disable traceroute to my host
Message-ID: <20010622160443.A29783@Odin.AC.HMC.Edu>
References: <006a01c0fb6b$2d64d830$9865fea9@book>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <006a01c0fb6b$2d64d830$9865fea9@book>; from ml@db.nexgen.com on Fri, Jun 22, 2001 at 06:32:10PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 22, 2001 at 06:32:10PM -0400, alexus wrote:
> is it possible to disable using ipfw so people won't be able to traceroute
> me?

Not really.  Traceroute works be setting the hop count of an IP packet
very low so that it gets an ICMP error message back from each router along
the way.  You might be able to set things up to hide your internal network
by not changing the hop count when packets pass through your routers,
but that's it.  You can do this with FreeBSD, but I can't seem to find
the option at the moment.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7M88KXY6L6fI4GtQRAqR7AKDgnrbxfpT4icvohMnVDBu5hU4sYwCeIqgj
aYLX0YMylpTstOWtQy7mqRc=
=I1nE
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message