Date: Thu, 20 Jan 2000 21:05:09 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: matt <matt@ARPA.MAIL.NET> Cc: FreeBSD-SECURITY <security@FreeBSD.ORG> Subject: Re: legit udp ports for traceroute Message-ID: <2878.000120@sandy.ru> In-Reply-To: <Pine.BSF.4.21.0001201242380.2995-100000@w01.arpa-canada.net> References: <Pine.BSF.4.21.0001201242380.2995-100000@w01.arpa-canada.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello matt, 20.01.00 20:43, you wrote: legit udp ports for traceroute; m> Sorry if this is off-topic, but I'm wondering what range of udp ports is m> used by legitimate traceroutes? I generally deny udp, but would like to m> open up enough so that traceroutes could go through to a certain machine. Usually traceroute starts from PORT 33435. Maximum hope is usually 30, so it sends up to 90 packets increasing the port. It means you need to open 33435-33524. Note, that Windows NT traceroute sends ICMP 8.0 packet instead of UDP. +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2878.000120>