TTL Match - WTF?

Fabrice MARIE fabrice@celestix.com
Tue, 16 Oct 2001 08:52:25 +0800


On Tuesday 16 October 2001 06:33, andy sullivan wrote:
> How is matching TTL useful in firewalling/packet filtering?  My colleagues
> and myself cannot think of a situation where this might be useful.  Any
> insight is appreciated.

Hello,

Put a rule which matches any packet with a TTL<=2 and you
can be almost sure it's a traceroute attempt...

Have a nice day,

Fabrice.
-- 
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" 
       -Unknown
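
The rule suggested in the reply, with a triage of what it would log, as an added example that is not part of the original post. The iptables line in the comment uses the `ttl` match's `--ttl-lt` option; the `LOWTTL` log prefix, the sample log lines (constructed, using documentation addresses) and the UDP probe port range are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Rule assumed to have produced the LOWTTL lines (TTL<=2 is "less than 3"):
#   iptables -A INPUT -m ttl --ttl-lt 3 -j LOG --log-prefix "LOWTTL "
# Constructed sample kernel log lines, not captured traffic.
SAMPLE_LOG = """\
kernel: LOWTTL IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ID=4101 PROTO=UDP SPT=45012 DPT=33440 LEN=40
kernel: LOWTTL IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ID=4102 PROTO=UDP SPT=45012 DPT=33441 LEN=40
kernel: LOWTTL IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=77 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3
kernel: LOWTTL IN=eth0 OUT= SRC=192.0.2.254 DST=224.0.0.5 LEN=64 TOS=0x00 PREC=0xC0 TTL=1 ID=900 PROTO=89
kernel: OTHER IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=1 PROTO=TCP SPT=51000 DPT=22
"""

# Assumption of this example: the conventional UDP traceroute port range.
UDP_PROBE_PORTS = range(33434, 33535)
FIELD = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Return the KEY=value fields of one LOG line (first occurrence wins)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def classify(fields, max_ttl=2):
    """Label a packet whose TTL is <= max_ttl; None if the TTL is higher."""
    if "TTL" not in fields or int(fields["TTL"]) > max_ttl:
        return None
    proto = fields.get("PROTO")
    if proto == "UDP" and int(fields.get("DPT", 0)) in UDP_PROBE_PORTS:
        return "traceroute-udp"
    if proto == "ICMP" and fields.get("TYPE") == "8":
        return "traceroute-icmp"
    return "low-ttl-other"  # e.g. routing-protocol multicast sent with TTL 1


def summarize(log_text):
    """Count labels per source address for every low-TTL packet in the log."""
    per_source = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = parse(line)
        label = classify(fields)
        if label:
            per_source[fields["SRC"]][label] += 1
    return {src: dict(counts) for src, counts in per_source.items()}


if __name__ == "__main__":
    for src, counts in summarize(SAMPLE_LOG).items():
        print(src, counts)
```

The `low-ttl-other` bucket is where the reply's "almost" applies: a packet can arrive with a TTL of 1 or 2 without being a traceroute probe.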