LinuxQuestions.org

Linux - Security: APF blocking tracerts question (https://www.linuxquestions.org/questions/linux-security-4/apf-blocking-tracerts-question-298001/)

htmlcoder 03-05-2005 12:17 PM

APF blocking tracerts question
 
Hi:
I noticed that once installed, APF blocks all tracerts to a domain by default. Is this a good idea in all cases, and how can I configure APF to allow tracerts instead?

Capt_Caveman 03-05-2005 02:08 PM

Just like most networking tools (like ping for example) they have a good and bad side depending on what you're trying to use them for. Traceroute is extremely useful in diagnosing networking errors, but at the same time can be used for hostile information gathering about your network topology. So it's a question of which one is more of a priority to you. If you decide to enable traceroute (I'm not that familiar with APF, but I'd start by checking out the options in /etc/apf/conf.apf).

-Nw- neX 03-06-2005 09:36 AM

If you want to block the packet anyhow, you can always look into using a tool like 'hping'. It allows you to run traceroute on specific ports.

Code:

# hping -T -p 25 smtp.gmail.com
HPING smtp.gmail.com (eth1 64.233.171.109): NO FLAGS are set, 40 headers + 0 data bytes

[[ hops removed ]]

hop=15 TTL 0 during transit from ip=216.239.46.53 name=UNKNOWN 
hop=15 hoprtt=74.3 ms
hop=16 TTL 0 during transit from ip=216.239.46.44 name=UNKNOWN 
hop=16 hoprtt=73.8 ms
hop=17 TTL 0 during transit from ip=216.239.46.146 name=UNKNOWN 
hop=17 hoprtt=77.9 ms
hop=18 TTL 0 during transit from ip=216.239.46.78 name=UNKNOWN 
hop=18 hoprtt=80.4 ms
len=46 ip=64.233.171.109 ttl=241 id=65074 sport=25 flags=R seq=18 win=8201 rtt=74.3 ms
len=46 ip=64.233.171.109 ttl=241 id=14412 sport=25 flags=R seq=19 win=8201 rtt=76.6 ms
len=46 ip=64.233.171.109 ttl=241 id=25190 sport=25 flags=R seq=20 win=8201 rtt=77.2 ms
len=46 ip=64.233.171.109 ttl=241 id=12159 sport=25 flags=R seq=21 win=8201 rtt=77.5 ms

--- smtp.gmail.com hping statistic ---
22 packets tramitted, 22 packets received, 0% packet loss
round-trip min/avg/max = 18.1/53.3/80.4 ms

hping is VERY useful for diagnosing port connection problems.
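An added example, not from the original thread: a small Python parser for the `hping -T` output format shown above. It pulls out the per-hop RTTs and tells you whether the target itself answered or the trace died in transit, which is the symptom you see from outside when a host firewall such as APF drops the probes. The sample output is constructed with documentation addresses, and the function names are my own.

```python
import re

# Constructed sample of `hping -T -p 25` output using documentation
# addresses; it mirrors the line formats hping prints, not a real capture.
SAMPLE_OUTPUT = """\
HPING mail.example.net (eth1 198.51.100.25): NO FLAGS are set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=192.0.2.1 name=gw.example.net
hop=1 hoprtt=0.9 ms
hop=2 TTL 0 during transit from ip=192.0.2.9 name=UNKNOWN
hop=2 hoprtt=12.4 ms
hop=3 TTL 0 during transit from ip=192.0.2.17 name=UNKNOWN
hop=3 hoprtt=18.7 ms
len=46 ip=198.51.100.25 ttl=241 id=65074 sport=25 flags=R seq=4 win=8201 rtt=20.1 ms
len=46 ip=198.51.100.25 ttl=241 id=14412 sport=25 flags=R seq=5 win=8201 rtt=21.3 ms

--- mail.example.net hping statistic ---
5 packets tramitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.9/14.7/21.3 ms
"""

# One ICMP time-exceeded per hop, followed by a separate hoprtt line.
HOP_RE = re.compile(r"^hop=(\d+) TTL 0 during transit from ip=(\S+) name=(\S+)")
RTT_RE = re.compile(r"^hop=(\d+) hoprtt=([\d.]+) ms")
# A TCP reply from the destination itself (here RST, since no flags were sent).
REPLY_RE = re.compile(r"^len=\d+ ip=(\S+) .*sport=(\d+) flags=(\S+) .*rtt=([\d.]+) ms")


def parse_hping_trace(text):
    """Return (hops, replies).

    hops    : {hop_number: (ip, name, rtt_ms)} for each intermediate router
    replies : [(ip, sport, flags, rtt_ms)] for packets answered by the target
    """
    hops, replies = {}, []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops[int(m.group(1))] = [m.group(2), m.group(3), None]
            continue
        m = RTT_RE.match(line)
        if m and int(m.group(1)) in hops:
            hops[int(m.group(1))][2] = float(m.group(2))
            continue
        m = REPLY_RE.match(line)
        if m:
            replies.append((m.group(1), int(m.group(2)), m.group(3), float(m.group(4))))
    return {k: tuple(v) for k, v in hops.items()}, replies


def path_reached_target(text):
    """True if the target answered the probe on the requested port; False means
    every probe died in transit, e.g. a firewall silently dropping it."""
    return bool(parse_hping_trace(text)[1])
```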

