 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  Michael Dale <mdale at dalegroup dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Trace route problems behind m0n0
 Date:  Wed, 13 Apr 2005 04:08:06 -0600
Michael Dale wrote:

>Hey everyone,
>
>I'm having problems running a trace route through my m0n0wall box.
>
>This only seems to affect my *nix systems. For example on my Mac and FreeBSD
>boxes I get the following:
>
>electra:~ michaeldale$ traceroute google.com
>traceroute to google.com (216.239.37.99), 30 hops max, 40 byte packets
> 1  core.dalegroup.net (10.0.0.253)  56.11 ms  1.088 ms  0.996 ms
> 2  * * *
> 3  * * *
> 4  * * *
>
>Although it works fine on my Windows box.
>
>This problem only started after I replaced smoothwall with m0n0wall. The
>router is set up to forward all outbound traffic.
>
>Using 1.2b7.
>  
>
The problem is that *nix systems don't use ICMP for tracerts; *nix 
systems tend to spew out UDP packets on random ports and hope that the 
receiving systems 1) aren't listening for legitimate traffic on the port 
selected, 2) return an ICMP packet indicating that the UDP packet wasn't 
deliverable, 3) don't treat the packet as hostile and block the sender 
completely as a result of an overly aggressive IDS.

Windows uses ICMP ECHO requests, which are clearly identified as being 
ECHO requests.

-- 
Sticks and stones may break my bones, but whips and chains excite me.
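
The two probe styles described in the reply above, as an added example that is not part of the original thread or of m0n0wall: it classifies raw IPv4 packets as UDP-style or ICMP-echo-style traceroute probes and lists the ICMP replies each style needs to get back through the firewall. The function names, the sample packets, the 33434+ port window (the classic Unix traceroute base port) and the TTL threshold are assumptions made for illustration.

```python
import struct

# Assumption: classic Unix traceroute starts at UDP port 33434 and counts up;
# the width of this window is illustrative.
UDP_PROBE_PORTS = range(33434, 33535)
MAX_HOPS = 30  # "30 hops max" in the quoted output; probes carry TTL 1..30

# ICMP (type, code) each style needs back: time exceeded from every hop, then
# port unreachable (UDP style) or echo reply (ICMP style) from the target.
REPLIES_NEEDED = {
    "udp": {"hop": (11, 0), "destination": (3, 3)},
    "icmp-echo": {"hop": (11, 0), "destination": (0, 0)},
}

def build_ipv4(proto, ttl, payload):
    """Build a constructed IPv4 packet (checksum left at 0, never validated)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0,
                         bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1]))
    return header + payload

def classify_probe(packet):
    """Return 'udp', 'icmp-echo' or 'other' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    if ihl < 20 or ttl > MAX_HOPS:
        return "other"  # ordinary traffic leaves with TTL 64/128/255
    body = packet[ihl:]
    if proto == 17 and len(body) >= 8:  # UDP
        dport = struct.unpack("!H", body[2:4])[0]
        if dport in UDP_PROBE_PORTS:
            return "udp"
    if proto == 1 and len(body) >= 2 and body[:2] == b"\x08\x00":
        return "icmp-echo"  # ICMP type 8, code 0
    return "other"

# Constructed sample packets (not captured traffic).
UNIX_PROBE = build_ipv4(17, 2, struct.pack("!HHHH", 40000, 33435, 20, 0) + bytes(12))
WINDOWS_PROBE = build_ipv4(1, 2, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(32))
DNS_QUERY = build_ipv4(17, 64, struct.pack("!HHHH", 40000, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("unix", UNIX_PROBE), ("windows", WINDOWS_PROBE), ("dns", DNS_QUERY)]:
        kind = classify_probe(pkt)
        print(name, kind, REPLIES_NEEDED.get(kind, {}))
```

Both styles depend on ICMP time exceeded coming back from each hop; they differ only in the probe sent outbound and in the final reply from the destination.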