On Sun 13/06/2004 at 15:55, Prash wrote:
> A weird problem. See my rules below on the INPUT chain. I have NOT
> allowed 33434:33523 for traceroute on UDP but some people can and some
> people can't do a traceroute. Any ideas? Traceroute should be accepted
> only if I open 33434:33523 .. isn't it? Then why is it allowing some in.

There are a lot of ways of performing a "traceroute". Speaking of classical traceroute tools, you have two approaches:

. the Unix traceroute that uses a UDP packet to a high port
. the Windows traceroute that uses an ICMP echo

So, in your approach, you only block the Unix approach, not the Windows one. Moreover, one can perform a traceroute using any type of message that will trigger an answer on the target, such as a TCP SYN on an open port.

The only way to detect a traceroute is to examine the TTL and decide to block packets with a TTL under a given value, say your internal network depth. But I do not think this to be a very good idea, as it may break legitimate communications.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
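An added illustration of the reply's point, not code from either poster: a port-range rule for 33434:33523 only matches the Unix-style UDP probe, while a TTL threshold flags UDP, ICMP echo and TCP SYN probes alike, at the cost of also flagging ordinary traffic that simply arrives with a low TTL. The packet records and the network depth of 5 are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed packet summaries, as a firewall's INPUT chain would see them.
@dataclass
class Packet:
    proto: str                       # "udp", "icmp" or "tcp"
    ttl: int                         # remaining hop count on arrival
    dport: Optional[int] = None      # UDP/TCP destination port
    icmp_type: Optional[int] = None  # 8 = ICMP echo request
    tcp_syn: bool = False

# The rule from the original question: the classic Unix traceroute port range.
UNIX_TRACEROUTE_PORTS = range(33434, 33524)  # 33434:33523 inclusive

def matches_udp_port_rule(pkt: Packet) -> bool:
    """Only the Unix-style UDP probe is caught by a port-range rule."""
    return pkt.proto == "udp" and pkt.dport in UNIX_TRACEROUTE_PORTS

def matches_ttl_rule(pkt: Packet, depth: int) -> bool:
    """The TTL heuristic from the reply: a hop probe arrives with a TTL small
    enough to expire inside the network, whatever protocol carries it.
    Caveat: a distant but legitimate sender can also arrive with a low TTL."""
    return pkt.ttl < depth

# Constructed samples: three traceroute variants plus two legitimate flows.
SAMPLES = {
    "unix_udp_probe": Packet("udp", ttl=3, dport=33450),
    "windows_icmp_probe": Packet("icmp", ttl=3, icmp_type=8),
    "tcp_syn_probe": Packet("tcp", ttl=3, dport=80, tcp_syn=True),
    "ordinary_http": Packet("tcp", ttl=50, dport=80, tcp_syn=True),
    "legit_far_away_smtp": Packet("tcp", ttl=4, dport=25, tcp_syn=True),
}

def classify(depth: int = 5) -> dict:
    """Per sample, report which of the two rules would have flagged it."""
    return {
        name: {
            "udp_port_rule": matches_udp_port_rule(pkt),
            "ttl_rule": matches_ttl_rule(pkt, depth),
        }
        for name, pkt in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:22s} {verdict}")
```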