Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Peter Pentchev (roamorbitel.bg)
Date: Mon Jun 25 2001 - 01:37:31 CDT
On Sun, Jun 24, 2001 at 07:42:19PM +0200, Simon Rakovec wrote:
> Try this:
> ipfw add deny udp from any 32769-65535 to <your-host> 33434-33523
As Karsten noted in a followup, this is not proper network practice.
There might be a LOT of things listening on those UDP ports, including
ephemeral outgoing UDP connections.
As many other people noted, this does not stop Windows traceroute,
which goes via ICMP.
As the traceroute(8) manpage notes, this does not stop people who
know how to use the traceroute '-p port' option to select a starting
port != 32768.
As Dag-Erling Smoerdgrav noted, in general it is impossible to disable
a person determined to traceroute you, and in practice, there is
no need to.
PS. How was that now... one source: plagiarism, two sources: comparative
study, three sources: an academic thesis.. I did even better than that! ;)
-- Thit sentence is not self-referential because "thit" is not a word.
> alexus wrote: > > > > is it possible to disable using ipfw so people won't be able to traceroute > > me? > > > > To Unsubscribe: send mail to majordomoFreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message