Can't traceroute to my box
Uwe Doering
gemini at geminix.org
Sat Dec 27 00:16:29 PST 2003
Frank DeChellis wrote:
> Hi.
>
> I am new to FreeBSD. I have been using NetBSD for about 9 years. I have
> FreeBSD v. 4.8 Release #1 running. Everything is smooth except for one
> thing.
>
> I can't traceroute to the box. I can do a traceroute -I to it, but not a
> regular traceroute, which tells me something about UDP, but I don't know
> where to look.
>
> Is there a file somewhere that is closing certain UDP ports that respond to
> traceroute?
Apart from the usual suspect (firewall filtering out the incoming UDP
and/or outgoing ICMP packets), what does

    sysctl net.inet.udp.blackhole

show? If it is _not_ 0 it means that UDP ports that are not in use
don't generate a response, which implies that the normal 'traceroute'
won't work. This feature is intended to make the life of (port
scanning) hackers even more miserable than it must be already. There is
a related variable for TCP as well (net.inet.tcp.blackhole).
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
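
An added example, not part of the original message: a Python probe that shows, from the sending side, the reply a regular UDP traceroute depends on, namely an ICMP port-unreachable error from a port that is not in use. The loopback address, the ports and the silent listener (a stand-in for a port that sends nothing back) are constructed for the demonstration; on a host where net.inet.udp.blackhole is not 0, the closed-port probe would report "no-reply" as well.

```python
import socket


def probe_udp(host, port, timeout=1.0):
    """Send one UDP datagram and classify what comes back.

    "icmp-unreachable": the host rejected the datagram with an ICMP
                        port-unreachable error (UDP traceroute needs this
                        from the destination to know it has arrived).
    "no-reply":         nothing arrived before the timeout.
    "data":             a service on that port answered.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(512)
            return "data"
        except ConnectionRefusedError:
            return "icmp-unreachable"
        except socket.timeout:
            return "no-reply"


def closed_port():
    """Return a loopback UDP port that was just released, so nothing uses it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe a closed port and a port that never answers (constructed cases)."""
    results = {"closed": probe_udp("127.0.0.1", closed_port())}
    # Stand-in for a port that stays silent: bound, but it never sends a reply.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as silent:
        silent.bind(("127.0.0.1", 0))
        port = silent.getsockname()[1]
        results["silent"] = probe_udp("127.0.0.1", port, timeout=0.5)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:7s} -> {outcome}")
```
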