On Fri, May 14, 2010 at 3:17 PM, Curby <curby@xxxxxx> wrote:
> Hello, I'm considering allowing inbound traceroutes to find me, in the
> interest of being a good Internet citizen. I could simply open the

So I did some testing, and it seems that my Debian system really does act as the traceroute program expects. From the manpage talking about the default UDP method:

"Since the ports are expected to be unused, the destination host normally returns "icmp unreach port" as a final response."

Sniffing the ICMP traffic confirms the use of 3/3 "port unreachable" replies.

On Sat, May 15, 2010 at 10:51 AM, Pieter Smit <mlist2010@xxxxxxxxxxx> wrote:
> You would send an ICMP time exceeded (type 11) packet if you receive a
> packet with a ttl=1 you will decrement it one realize it is 0 and send
> the ICMP time exceeded.

Documentation suggests that well-behaved routers on the path to the destination host are meant to respond with ICMP type 11, but it's perfectly acceptable (and perhaps even expected) that the actual destination host respond with an ICMP type 3 code 3 (port unreachable) instead.

Re: multiple scan types, I'm just going to explicitly build in support for UDP and ICMP scans. I'm not going to explicitly deny SYNs sent to all TCP ports. =)

--Mike
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
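The two reply types discussed in this thread (ICMP type 11 from routers along the path, ICMP type 3 code 3 from the destination host) can be told apart by parsing the quoted datagram that every ICMP error message carries. The script below is an added example, not code from the thread or from netfilter: it builds a few packets on constructed documentation addresses, then classifies each one the way a sniffer or a logging rule would. The traceroute port range (33434 upward, capped at 33534 here) and the zeroed checksums are assumptions of the example.

```python
"""Classify ICMP replies elicited by UDP traceroute probes (added example)."""
import socket
import struct

# Classic UDP traceroute starts at destination port 33434 and steps upward
# per probe; the upper bound here is an assumption, not a standard.
TRACEROUTE_PORT_MIN = 33434
TRACEROUTE_PORT_MAX = 33534

IPPROTO_ICMP, IPPROTO_UDP = 1, 17
ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 3, 11
CODE_PORT_UNREACH, CODE_TTL_EXCEEDED = 3, 0


def parse_ipv4(buf):
    """Split a raw IPv4 packet into (protocol, src, dst, payload)."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    src = socket.inet_ntoa(buf[12:16])
    dst = socket.inet_ntoa(buf[16:20])
    return buf[9], src, dst, buf[ihl:]


def classify_reply(packet):
    """Classify an inbound IPv4 packet as a traceroute-related ICMP reply.

    Returns (verdict, responder, probe_dst_port). verdict is 'hop' (router
    on the path, type 11 code 0), 'destination' (final host, type 3 code 3),
    'not-icmp', 'not-traceroute' or 'other-icmp'.
    """
    proto, responder, _, icmp = parse_ipv4(packet)
    if proto != IPPROTO_ICMP:
        return ("not-icmp", responder, None)
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    itype, code = icmp[0], icmp[1]
    # ICMP error messages (types 3 and 11) quote the IP header and the first
    # 8 bytes of the datagram that triggered them, which covers the UDP ports.
    try:
        iproto, _, _, inner = parse_ipv4(icmp[8:])
    except ValueError:
        return ("other-icmp", responder, None)
    if iproto != IPPROTO_UDP or len(inner) < 4:
        return ("other-icmp", responder, None)
    _, dport = struct.unpack("!HH", inner[:4])
    if not TRACEROUTE_PORT_MIN <= dport <= TRACEROUTE_PORT_MAX:
        return ("not-traceroute", responder, dport)
    if itype == ICMP_TIME_EXCEEDED and code == CODE_TTL_EXCEEDED:
        return ("hop", responder, dport)
    if itype == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return ("destination", responder, dport)
    return ("other-icmp", responder, dport)


def build_ipv4(proto, src, dst, payload, ttl=64):
    """Minimal IPv4 header, no options; checksum left zero (constructed data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_udp(sport, dport, data):
    """UDP header with zero checksum (constructed data) followed by payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_icmp_error(itype, code, offending):
    """ICMP error: type, code, zero checksum, 4 unused bytes, then the quoted
    IP header plus first 8 bytes of the offending datagram (RFC 792)."""
    return struct.pack("!BBHI", itype, code, 0, 0) + offending[:28]


def sample_replies():
    """Constructed packets on documentation addresses, one per verdict."""
    src, target, router = "192.0.2.10", "198.51.100.7", "203.0.113.1"
    probe = build_ipv4(IPPROTO_UDP, src, target,
                       build_udp(40000, 33437, b"\x00" * 32), ttl=1)
    dns = build_ipv4(IPPROTO_UDP, src, target, build_udp(40001, 53, b"\x00" * 12))
    return {
        # router at TTL 1 answers with time exceeded
        "hop": classify_reply(build_ipv4(
            IPPROTO_ICMP, router, src,
            build_icmp_error(ICMP_TIME_EXCEEDED, CODE_TTL_EXCEEDED, probe))),
        # destination host answers with port unreachable
        "destination": classify_reply(build_ipv4(
            IPPROTO_ICMP, target, src,
            build_icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, probe))),
        # same ICMP 3/3, but the quoted probe went to port 53: not traceroute
        "dns": classify_reply(build_ipv4(
            IPPROTO_ICMP, target, src,
            build_icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, dns))),
        "plain-udp": classify_reply(probe),
    }


if __name__ == "__main__":
    for name, verdict in sample_replies().items():
        print(f"{name:12s} -> {verdict}")
```

The point the classifier makes explicit is the one in the thread: type 11 and type 3/3 are both legitimate traceroute replies, and a filter that only looks at the outer ICMP type cannot tell a traceroute port-unreachable from one triggered by a stray DNS packet; the quoted UDP destination port is what distinguishes them.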