[j-nsp] Block traceroute and Allow Ping
Pekka Savola
pekkas at netcore.fi
Tue Sep 29 06:23:50 EDT 2009
On Tue, 29 Sep 2009, Muhammad Atif Jauahar wrote:
> I want to block traceroute transit traffic on router but I want to allow
> ping transit traffic. Kindly let me know ICMP Type and Code for traceroute
> and kindly let me know procedure to block traceroute but allow ping.
You can't if you want to support all flavours of traceroute as some of
those use the equivalent of ping. Maybe you could match by both TTL
and ICMP type/code but that would be hackish. To learn more about how
traceroute works, see:
http://en.wikipedia.org/wiki/Traceroute
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the juniper-nsp
mailing list