TTL Match - WTF?
Tue, 16 Oct 2001 08:52:25 +0800
On Tuesday 16 October 2001 06:33, andy sullivan wrote:
> How is matching TTL useful in firewalling/packet filtering? My collegues
> and myself cannot think of a situation where this might be useful. Any
> insight is appreciated.
put a rule which match any packet with a TTL<=2 and you
can be almost sure it's a traceroute attempt...
Have a nice day,
Senior R&D Engineer
"Silly hacker, root is for administrators"