Tracing behind the firewall

Posted Jan 20, 2007 11:37 UTC (Sat) by jengelh (subscriber, #33263)
In reply to: Tracing behind the firewall by jannic
Parent article: Tracing behind the firewall

But -m ttl --ttl-lt 4 might match valid connections. What if, for whatever reason, it takes 61 routers to get through to www.ebay.com? Then this happens: your internal box sends TCP SYN with a hoplimit/ttl of 64, but the return TCP-ACK cannot pass your firewall because the return path already decreased the ttl too much. Boom, website hangs. It does not need the value pairs 61/64. Anything n-3/n does work, given that n is the default ttl for the OS or connection.
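To make the failure mode in this comment concrete, here is an added example (not code from the LWN thread or from netfilter) that models a `-m ttl --ttl-lt 4` style rule against constructed packets and derives the n-3/n boundary for several OS default TTLs; packet names, the hop counts and the helper functions are assumptions for illustration only.

```python
from dataclasses import dataclass

TTL_LT_THRESHOLD = 4  # the `--ttl-lt 4` value from the comment


@dataclass
class Packet:
    """Constructed packet as it arrives at the firewall (not a real capture)."""
    src: str
    dst: str
    ttl: int           # TTL remaining when the packet reaches the firewall
    syn: bool = False
    ack: bool = False


def arriving_ttl(initial_ttl: int, hops: int) -> int:
    """TTL left after a packet sent with initial_ttl has crossed `hops` routers.

    Returns 0 when the packet would have expired in transit."""
    ttl = initial_ttl - hops
    return ttl if ttl > 0 else 0


def ttl_lt_rule_matches(pkt: Packet, threshold: int = TTL_LT_THRESHOLD) -> bool:
    """Mirror of `-m ttl --ttl-lt <threshold>`: True means the rule fires."""
    return pkt.ttl < threshold


def reply_is_dropped(default_ttl: int, return_hops: int,
                     threshold: int = TTL_LT_THRESHOLD) -> bool:
    """Would the SYN-ACK from a server `return_hops` routers away be matched?

    The internal host's SYN leaves with TTL default_ttl; the reply is sent with
    the server's own default, assumed equal here, and loses one per router."""
    ttl = arriving_ttl(default_ttl, return_hops)
    if ttl == 0:
        return True  # expired anyway, independent of the firewall rule
    reply = Packet(src="www.example.com", dst="internal-host", ttl=ttl, ack=True)
    return ttl_lt_rule_matches(reply, threshold)


def min_breaking_return_hops(default_ttl: int,
                             threshold: int = TTL_LT_THRESHOLD) -> int:
    """Shortest return path (in routers) at which valid replies start being
    dropped: n - threshold + 1, i.e. the comment's n-3 for threshold 4."""
    return default_ttl - threshold + 1


def affected_packets(packets: list[Packet]) -> list[Packet]:
    """Packets the rule would hit; note it cannot tell a low-TTL probe apart
    from a legitimate reply that merely travelled a long path."""
    return [p for p in packets if ttl_lt_rule_matches(p)]
```

Running `min_breaking_return_hops` for 64, 128 and 255 shows the boundary moves with the OS default, which is the "anything n-3/n" generalisation in the comment.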


Copyright © 2017, Eklektix, Inc.