TTL Match - WTF?

Fabrice MARIE
Tue, 16 Oct 2001 08:52:25 +0800

On Tuesday 16 October 2001 06:33, andy sullivan wrote:
> How is matching TTL useful in firewalling/packet filtering?  My collegues
> and myself cannot think of a situation where this might be useful.  Any
> insight is appreciated.


put a rule which match any packet with a TTL<=2 and you
can be almost sure it's a traceroute attempt...

Have a nice day,

Fabrice MARIE
Senior R&D Engineer
Celestix Networks

"Silly hacker, root is for administrators"