From owner-freebsd-security Thu Jan 20 10: 6:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2]) by hub.freebsd.org (Postfix) with ESMTP id 2B3FD15196 for ; Thu, 20 Jan 2000 10:06:48 -0800 (PST) (envelope-from vlad@sandy.ru) Received: from anonymous.sandy.ru (anonymous.sandy.ru [195.122.226.40]) by adm.sci-nnov.ru (8.9.3/Dmiter-4.1) with ESMTP id VAA61419; Thu, 20 Jan 2000 21:05:09 +0300 (MSK) Date: Thu, 20 Jan 2000 21:05:09 +0300 From: Vladimir Dubrovin X-Mailer: The Bat! (v1.36) S/N D33CD428 Reply-To: Vladimir Dubrovin Organization: Sandy Info X-Priority: 3 (Normal) Message-ID: <2878.000120@sandy.ru> To: matt Cc: FreeBSD-SECURITY Subject: Re: legit udp ports for traceroute In-reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello matt, 20.01.00 20:43, you wrote: legit udp ports for traceroute; m> Sorry if this is off-topic, but I'm wondering what range of udp ports is m> used by legitimate traceroutes? I generally deny udp, but would like to m> open up enough so that traceroutes could go through to a certain machine. Usually traceroute starts from PORT 33435. Maximum hope is usually 30, so it sends up to 90 packets increasing the port. It means you need to open 33435-33524. Note, that Windows NT traceroute sends ICMP 8.0 packet instead of UDP. +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message