ICMP help
Maciej Soltysiak
solt@dns.toxicfilms.tv
Tue, 14 Aug 2001 19:04:51 +0200 (CEST)
> BTW, UNIX traceroutes use UDP not ICMP, while MS traceroutes use ping.
>
> Shane
Hmm, TCP/IP Illustrated says that the most common traceroute uses both
ICMP and UDP.
Actually, it sends a UDP request and receives an ICMP time exceeded
(because the TTL is too low), then increases the TTL until the packets reach
the destination, and then the destination sends us an ICMP port unreachable.
So in my opinion, to disallow traceroute is to disallow these two ICMP types
and high UDP ports (>30000), BUT sometimes you might want time-exceeded
and port-unreachable ICMPs.
Note that using ICMP you can bypass many of today's firewalls and get to
the protected hosts. (I've read about it somewhere.)
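
The probe and reply sequence described in this message, and the effect of the filtering it proposes, as a small Python model added here (not part of the original post). The hop names, the `policy` keys and the rule that hops from index `inside_from` onward sit behind the filter are assumptions of the model; 33434 is the usual default first port of UDP traceroute.

```python
# Toy model of UDP traceroute through a packet filter (constructed example).
TIME_EXCEEDED = 11      # ICMP type 11: TTL expired in transit
PORT_UNREACHABLE = 3    # ICMP type 3 (code 3): nothing listens on the UDP port
BASE_PORT = 33434       # usual default first destination port of UDP traceroute


def traceroute(path, inside_from, policy, max_ttl=6):
    """Return [(ttl, responder or None)] as seen by the tracing host.

    path        -- hop names in order; the last entry is the destination
    inside_from -- hops at this index and beyond sit behind the filter
    policy      -- {"drop_udp_high_in": bool, "drop_icmp_out": set of ICMP types}
    """
    seen = []
    for ttl in range(1, max_ttl + 1):
        port = BASE_PORT + ttl - 1                 # port is bumped per probe
        hop = min(ttl, len(path)) - 1              # where this probe ends up
        at_dest = hop == len(path) - 1
        reply = PORT_UNREACHABLE if at_dest else TIME_EXCEEDED
        behind = hop >= inside_from
        # ">30000" is the high-port threshold named in the message
        probe_dropped = behind and policy["drop_udp_high_in"] and port > 30000
        reply_dropped = behind and reply in policy["drop_icmp_out"]
        answered = not (probe_dropped or reply_dropped)
        seen.append((ttl, path[hop] if answered else None))
        if at_dest and answered:
            break                                  # destination reached, stop
    return seen


# Constructed topology: the last two hops are behind the filter.
PATH = ["isp-gw", "border-rtr", "dmz-rtr", "target"]
POLICIES = {
    "no filtering": {"drop_udp_high_in": False, "drop_icmp_out": set()},
    "time-exceeded only": {"drop_udp_high_in": False,
                           "drop_icmp_out": {TIME_EXCEEDED}},
    "both ICMP types": {"drop_udp_high_in": False,
                        "drop_icmp_out": {TIME_EXCEEDED, PORT_UNREACHABLE}},
    "high UDP ports": {"drop_udp_high_in": True, "drop_icmp_out": set()},
}

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        hops = [who or "*" for _, who in traceroute(PATH, 2, policy)]
        print(f"{name:20} {' '.join(hops)}")
```

In this model, dropping only time-exceeded hides the inner router while the destination still answers with port unreachable; dropping both ICMP types, or the high UDP ports inbound, leaves nothing visible past the filter.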