APF blocking tracerts question

htmlcoder · 03-05-2005, 12:17 PM

Hi:
I noticed that once installed, APF blocks all tracerts to a domain by default. Is this a good idea in all cases, and how can I configure APF to allow tracerts instead?

Capt_Caveman · 03-05-2005, 02:08 PM

Just like most networking tools (like ping for example) they have a good and bad side depending on what you're trying to use them for. Traceroute is extremely usefull in diagnosing networking errors, but at the same time can be used for hostile information gathering about your network topology. So it's a question of which one is more of a priority to you. If you decide to enable traceroute, (I'm not that familiar with APF, but I'd start by checking out the options in the /etc/apf/conf.apf.

-Nw- neX · 03-06-2005, 09:36 AM

if you want to block the packet anyhow, you can always look into using a tool like 'hping'. it allows you to run traceroute on spesific ports.

Code:

 # hping -T -p 25 smtp.gmail.com
HPING smtp.gmail.com (eth1 64.233.171.109): NO FLAGS are set, 40 headers + 0 data bytes

[[ hops removed ]]

hop=15 TTL 0 during transit from ip=216.239.46.53 name=UNKNOWN   
hop=15 hoprtt=74.3 ms
hop=16 TTL 0 during transit from ip=216.239.46.44 name=UNKNOWN   
hop=16 hoprtt=73.8 ms
hop=17 TTL 0 during transit from ip=216.239.46.146 name=UNKNOWN   
hop=17 hoprtt=77.9 ms
hop=18 TTL 0 during transit from ip=216.239.46.78 name=UNKNOWN   
hop=18 hoprtt=80.4 ms
len=46 ip=64.233.171.109 ttl=241 id=65074 sport=25 flags=R seq=18 win=8201 rtt=74.3 ms
len=46 ip=64.233.171.109 ttl=241 id=14412 sport=25 flags=R seq=19 win=8201 rtt=76.6 ms
len=46 ip=64.233.171.109 ttl=241 id=25190 sport=25 flags=R seq=20 win=8201 rtt=77.2 ms
len=46 ip=64.233.171.109 ttl=241 id=12159 sport=25 flags=R seq=21 win=8201 rtt=77.5 ms

--- smtp.gmail.com hping statistic ---
22 packets tramitted, 22 packets received, 0% packet loss
round-trip min/avg/max = 18.1/53.3/80.4 ms

hping is VERY useful for diagnosing port connection problems.