ipfilter - blocking traceroute

Peter Gillis · ‎10-23-2003

Hi, ux 11.00. IPFilter software.
I am trying to block 'outsiders' from getting through to our unix server. Have been thru ipf manual and tried:
block in on lan0 from myipaddr to uxSvr icmp-type 11 keep state

this has not stopped me from being able to traceroute to the server. Have also tried using icmp-type 0.

The only icmp-type that has had any effect is the icmp-type 8. This stopped both traceroute and ping!.

has anyone got any ideas here on where I am going wrong?

Thanks, and appreciate your help
Maria.

Jerome Henry · ‎10-23-2003

A traceroute is an echo request, so a ping, but with a TTL incremented from 1 up to the correct value leading to your server.
If you want to block traceroute, try to add a rule droping packets with TTL to 1 in (or 0 out) with no reply to the sender...

hth

J

You can lean only on what resists you...

Peter Gillis · ‎11-16-2003

jerome, sorry but I dont really understand your reply. How would you specify ttl values in ipfilter rules?
regards,
Maria

Steven E. Protter · ‎11-16-2003

The only icmp-type that has had any effect is the icmp-type 8. This stopped both traceroute and ping!.

Thats an excellent start.

By your statement you want to block all access from lan0, which is apparently exposed to the Internet from accessing your server.

block in on lan0 proto tcp from 10.1.1.1/32 to any

Just put the right TCP address in the above statment and you'll completely block all outside access including ping.

If you are looking for something more subtle, I'll link the doc I used to get that code.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B9901-90018/B9901-90018_top.html&con=/hpux/onlinedocs/B9901-90018/00/00/59-con.html&toc=/hpux/onlinedocs/B9901-90018/00/00/59-toc.html&searchterms=configuration%7cipfilter&queryid=20031116-221748

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

ipfilter - blocking traceroute

ipfilter - blocking traceroute

Re: ipfilter - blocking traceroute

Re: ipfilter - blocking traceroute

Re: ipfilter - blocking traceroute