Hi Enno,

Hrrm, I like the idea about blocking packets with low TTL...

I'm just curious if anything might break as a result of that (if some protocol
for some reason sets an initial low TTL)?

Anyway, food for thought!

Thanks & Happy New Year,

Chris.

Enno Rey wrote:

> Hi,
>
> Chris Keladis wrote:
>
> > Be extra careful what you do with time exceeded.
>
> > It can be used to give away detailed information about your internal
> network.
>
> How? I suppose you think of tracerouting (or firewalking).
> You can block tracerouting via denying UDP ports 33434ff. (Van Jacobson,
> Unix) or incoming ICMP echo requests (Windows) [both measures to be taken
> anyway]. And block firewalking by denying packets with low TTL (I learned
> this from
> www.blackhat.com/presentations/bh-europe-00/SimpleNomad/SimpleNomad.ppt).
>
> Or maybe you think of ICMP timestamps (RFC 792). Those you should block in
> any case (see razor.bindview.com/tools/desc/icmpenum_readme.html).
>
> Anyway, I agree on being careful about TTL exceeded; I personally never let
> them out.
>
> A happy new year to everybody &
>
> regards,
>
> Enno Rey
>
> PGP 74C0 C7E1 3875 E4EB 9B75  8B9D 5E2D 3178 685B F222
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

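The firewalking technique Enno refers to, and the two countermeasures he mentions (dropping packets that arrive with a low TTL, and not letting ICMP time-exceeded out), as an added simulation that is not part of this thread and not code from either poster. The topology (gateway three hops from the attacker, one internal host behind it), the permitted-port ACL, the port list and the low-TTL threshold of 5 are all constructed for the example; the threshold is a hypothetical value that a real deployment would pick from the depth of its own network. The simulation only suppresses time-exceeded from hosts behind the gateway, not from the gateway itself.

```python
"""Added example: toy simulation of firewalking and of two countermeasures.
Everything here (hop counts, ACL, ports, threshold) is constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed topology: attacker -> 2 transit routers -> filtering gateway -> internal host.
GATEWAY_HOPS = 3                                   # the gateway is hop 3 from the attacker
ACL = {("tcp", 80), ("tcp", 443), ("udp", 53)}     # inbound traffic the gateway permits


@dataclass
class Probe:
    proto: str        # "tcp" or "udp"
    dport: int        # destination port
    ttl: int          # IP TTL chosen by the sender


class Gateway:
    """min_ttl: drop packets that arrive with TTL <= min_ttl (0 disables the rule;
    hypothetical value, chosen from the depth of the protected network).
    leak_time_exceeded: whether ICMP time-exceeded from inside may leave."""

    def __init__(self, min_ttl: int = 0, leak_time_exceeded: bool = True):
        self.min_ttl = min_ttl
        self.leak_time_exceeded = leak_time_exceeded

    def deliver(self, probe: Probe) -> Optional[str]:
        """Return what the attacker observes for one probe (None = silence)."""
        ttl = probe.ttl - (GATEWAY_HOPS - 1)       # each transit router took one off
        if ttl <= 0:
            # expired on a transit router, which answers as in an ordinary traceroute
            return "time-exceeded from hop %d" % probe.ttl
        if ttl <= self.min_ttl:
            return None                            # countermeasure 1: low-TTL drop
        ttl -= 1                                   # the gateway decrements too
        if ttl == 0:
            return "time-exceeded from gateway"
        if (probe.proto, probe.dport) not in ACL:
            return None                            # denied by the ACL, silently
        ttl -= 1                                   # the internal host decrements
        if ttl == 0:
            # the probe expires just behind the gateway: this reply is the leak
            return "time-exceeded from internal host" if self.leak_time_exceeded else None
        return "delivered"                         # reached the service itself


def find_gateway(gw: Gateway, max_ttl: int = 12) -> Optional[int]:
    """Traceroute step: raise the TTL until the gateway itself answers."""
    for ttl in range(1, max_ttl + 1):
        if gw.deliver(Probe("udp", 33434, ttl)) == "time-exceeded from gateway":
            return ttl
    return None


def firewalk(gw: Gateway, targets, gateway_hops: int = GATEWAY_HOPS) -> dict:
    """Firewalk: TTL = gateway hops + 1, so a permitted probe expires one hop behind
    the gateway and elicits ICMP time-exceeded, while a denied one gets nothing."""
    verdicts = {}
    for proto, port in targets:
        reply = gw.deliver(Probe(proto, port, gateway_hops + 1))
        verdicts[(proto, port)] = "open" if reply == "time-exceeded from internal host" else "filtered"
    return verdicts


TARGETS = [("tcp", 80), ("tcp", 22), ("udp", 53), ("udp", 33434)]   # constructed probe list

if __name__ == "__main__":
    for label, gw in [("no countermeasures", Gateway()),
                      ("drop TTL <= 5", Gateway(min_ttl=5)),
                      ("no time-exceeded out", Gateway(leak_time_exceeded=False))]:
        print(label, "| gateway at hop", find_gateway(gw), "|", firewalk(gw, TARGETS))
```

Without countermeasures the firewalk recovers the ACL (tcp/80 and udp/53 "open", the rest "filtered"). With either countermeasure every port comes back "filtered", so the attacker learns nothing. The simulation also shows the side effect behind Chris's question: with the low-TTL drop in place, find_gateway() gets no answer at all, because the traceroute probes that would expire at the gateway are the very packets the rule discards.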