Hi,
Chris Keladis wrote:
> Be extra careful what you do with time exceeded.
> It can be used to give away detailed information about your internal
> network.
How? I suppose you think of tracerouting (or firewalking).
You can block tracerouting via denying UDP ports 33434ff. (Van Jacobson,
Unix) or incoming ICMP echo requests (Windows) [both measures to be taken
anyway]. And block firewalking by denying packets with low TTL (I learned
this from
www.blackhat.com/presentations/bh-europe-00/SimpleNomad/SimpleNomad.ppt).
Or maybe you think of ICMP timestamps (RFC 792). Those you should block in
any case (see razor.bindview.com/tools/desc/icmpenum_readme.html).
Anyway, I agree on being careful about TTL exceeded; I personally never let
them out.
A happy new year to everybody &
regards,
Enno Rey
PGP 74C0 C7E1 3875 E4EB 9B75 8B9D 5E2D 3178 685B F222
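As an added illustration (not part of Enno's message or the list archive), here is a small Python model of the filtering policy described above, applied to constructed sample packets; the `LOW_TTL_THRESHOLD` value, the `Packet` shape and the sample traffic are assumptions made for this example.

```python
from dataclasses import dataclass

# ICMP type numbers from RFC 792
ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 8, 11
ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY = 13, 14
# Unix traceroute walks UDP destination ports upward from 33434
TRACEROUTE_UDP_PORTS = range(33434, 33534)
# Assumed threshold: probes tuned to expire just past the filter arrive with a
# very small TTL, while ordinary traffic arrives well above it
LOW_TTL_THRESHOLD = 3


@dataclass
class Packet:
    direction: str       # "in" (from the Internet) or "out" (from the internal net)
    proto: str           # "udp", "tcp" or "icmp"
    ttl: int
    dport: int = 0       # UDP/TCP destination port
    icmp_type: int = -1  # ICMP type, -1 when not ICMP


def verdict(p: Packet):
    """Return (action, reason) for one packet under the policy in the message."""
    if p.direction == "out":
        # Never let TTL-exceeded out: each one names an internal hop's address.
        if p.proto == "icmp" and p.icmp_type == ICMP_TIME_EXCEEDED:
            return "DROP", "outbound time-exceeded reveals internal hops"
        return "ACCEPT", "outbound"
    if p.ttl < LOW_TTL_THRESHOLD:
        return "DROP", "low TTL (firewalking probe)"
    if p.proto == "udp" and p.dport in TRACEROUTE_UDP_PORTS:
        return "DROP", "traceroute probe port range"
    if p.proto == "icmp" and p.icmp_type == ICMP_ECHO_REQUEST:
        return "DROP", "echo request (Windows tracert)"
    if p.proto == "icmp" and p.icmp_type in (ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY):
        return "DROP", "ICMP timestamp (RFC 792)"
    return "ACCEPT", "inbound"


# Constructed sample traffic, not captured data.
SAMPLE = [
    Packet("in", "udp", ttl=5, dport=33435),       # Unix traceroute probe
    Packet("in", "icmp", ttl=64, icmp_type=8),     # Windows tracert echo request
    Packet("in", "tcp", ttl=2, dport=80),          # firewalking: low TTL toward a web port
    Packet("in", "icmp", ttl=50, icmp_type=13),    # ICMP timestamp request
    Packet("out", "icmp", ttl=255, icmp_type=11),  # internal router's TTL-exceeded reply
    Packet("in", "tcp", ttl=58, dport=443),        # ordinary inbound HTTPS
]


def dropped_reasons(packets=SAMPLE):
    """Reasons for each dropped packet, in order; only the HTTPS sample passes."""
    return [reason for action, reason in map(verdict, packets) if action == "DROP"]
```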