Re: Allowing outgoing traceroutes through NAT

On Fri, May 02, 2003 at 02:47:23PM -0700, Talon wrote:
> Hi,
> Blocking traceroute
> Traceroute typically uses UDP ports 33435 to 33524 for the first 30 hops (for
> additional hops beyond that add 3 ports per hop). You need to allow these 
> through firewalls or packet filters. Do not allow any vulnerable servers to use 
> this port range inside your net. 
> (Taken from http://www.freelabs.com/~whitis/isp_mistakes.html)

traceroute can also use ICMP ECHO instead of UDP datagrams (-I option
in Debian's traceroute).

You can also specify the UDP port used by traceroute (-p option).

See man traceroute for more info.


