|
Home > Archive > CWNP > July 2003 > Blocking tracert?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| meijin 2003-07-21, 10:40 pm |
| I posted this on the Sec+ forum, but since there are some smart folks here, I figured I would take a shot at it here too...
If you suspect that you have an internal router that is not allowing a tracert command to execute through it correctly, should you be checking for blocking ICMP Type 18 or ICMP Type 30 traffic? Or would you normally see both?
Thanks! | |
| Delphis 2003-07-21, 11:40 pm |
| Going from memory here, so I may be completely off, but... You need both 18 and 30 open. 18 is going to let you initiate the tracert and 30 is going to be what lets the router respond back to you with the results.
Think of it like a pair of tennis rackets. 18 lets you send the ball over the net, and 30 is what's going to return it to you. Without either one of them, the operation is going to fail somewhere. | |
| darthfeces 2003-07-21, 11:59 pm |
| traceroute works by exceeding the ttl at each router hop and moving on
assuming outgoing traffic is unrestricted you need to allow
icmp unreachable
time-exceeded
echo-reply
to get back to you
there may be a access-list
or firewall in your way. |
|
|
|
|