|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Peter Pentchev (roam
orbitel.bg)Date: Mon Jun 25 2001 - 01:37:31 CDT
On Sun, Jun 24, 2001 at 07:42:19PM +0200, Simon Rakovec wrote:
> Try this:
>
> ipfw add deny udp from any 32769-65535 to <your-host> 33434-33523
As Karsten noted in a followup, this is not proper network practice.
There might be a LOT of things listening on those UDP ports, including
ephemeral outgoing UDP connections.
As many other people noted, this does not stop Windows traceroute,
which goes via ICMP.
As the traceroute(8) manpage notes, this does not stop people who
know how to use the traceroute '-p port' option to select a starting
port != 32768.
As Dag-Erling Smoerdgrav noted, in general it is impossible to disable
a person determined to traceroute you, and in practice, there is
no need to.
G'luck,
Peter
PS. How was that now... one source: plagiarism, two sources: comparative
study, three sources: an academic thesis.. I did even better than that! ;)
-- Thit sentence is not self-referential because "thit" is not a word.> alexus wrote: > > > > is it possible to disable using ipfw so people won't be able to traceroute > > me? > > > > To Unsubscribe: send mail to majordomo
To Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]