Alex,
The last 'traceroute blocking' thread went on for a few weeks, so I
think you should look into that. In addition to that, I think blocking
ICMP packets, especially type 3 and 11 would allow you to traceroute.
traceroute(8) works by sending UDP datagrams to destination,
incrementing TTLs after every hop. If you block all ICMP packets, the
intermediate routers will not be able to send back ICMP packets, which
makes traceroute(8) almost useless ;(.
Bruce Dang
www.tbug.org
i wonder how long this thread will go on...
Alexander wrote:
>
> Hello.
> I was wondering if anyone knows how can I set ipfw rules to allow myself
> to traceroute anywhere but noone to be able to ping or traceroute me.
>
> I saw few examples in the ipfw tutorial on www.defcon1.org for filtering
> external pings but these examples don't allow me to traceroute somewhere.
>
> thanks.
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
