Firewall Wizards mailing list archives
Re: Traceroute
From: "Michael C. Toren" <mct () toren net>
Date: Mon, 20 Oct 2003 23:01:41 -0400
On Sat, Oct 18, 2003 at 04:51:56PM -0600, Jim McAtee wrote:
> Is it generally considered safe to permit incoming UDP ports 33434+ through the firewall to enable traceroute to reach destination machines? Or should it be limited to a finite range of ports, or not permitted at all?

If you're not going to permit it, my recommendation would be to reject the inbound packets with an ICMP port-unreachable response rather than simply dropping them on the floor. This way, at least a traceroute will terminate cleanly as opposed to timing out.

-mct
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
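
Added example, not part of the original post: a small Python simulation of the traceroute probe loop, showing why a port-unreachable reject lets the trace stop at the destination while a silent drop leaves it timing out up to the hop limit. The path addresses are constructed, and the probe defaults (base port 33434 incremented per probe, 3 probes per hop, 30 hops, 5 s wait) are assumed from classic UDP traceroute.

```python
"""Simulated UDP traceroute against a firewall that drops or rejects probes."""

BASE_PORT = 33434      # assumed: classic traceroute's first destination port
PROBES_PER_HOP = 3     # assumed default
MAX_TTL = 30           # assumed default
TIMEOUT_S = 5          # assumed default wait per unanswered probe

# Constructed path: three routers, then the firewalled destination.
PATH = ["192.0.2.1", "198.51.100.7", "203.0.113.9", "203.0.113.50"]


def send_probe(ttl, policy):
    """Return (responder, icmp_message) for one probe, or None on timeout."""
    if ttl < len(PATH):
        return PATH[ttl - 1], "time-exceeded"     # TTL expired at a router
    if policy == "reject":                        # probe reached the firewall
        return PATH[-1], "port-unreachable"
    return None                                   # "drop": no reply at all


def traceroute(policy):
    """Return (output_lines, probes_sent, seconds_waited, highest_port)."""
    lines, sent, waited, dport = [], 0, 0, BASE_PORT
    for ttl in range(1, MAX_TTL + 1):
        replies = []
        for _ in range(PROBES_PER_HOP):
            reply = send_probe(ttl, policy)
            sent += 1
            dport += 1                            # one destination port per probe
            if reply is None:
                waited += TIMEOUT_S
            replies.append(reply)
        hop = next((r[0] for r in replies if r), None)
        lines.append(f"{ttl:2d}  {hop or '* * *'}")
        if any(r and r[1] == "port-unreachable" for r in replies):
            break                                 # destination answered: clean stop
    return lines, sent, waited, dport - 1


if __name__ == "__main__":
    for policy in ("reject", "drop"):
        lines, sent, waited, top = traceroute(policy)
        print(f"--- firewall policy: {policy} ---")
        print("\n".join(lines[:5] + (["..."] if len(lines) > 5 else [])))
        print(f"probes={sent} waited={waited}s highest_port={top}\n")
```

With these defaults the probes never go above port 33523, which bounds the range a rule would need to match.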