How can you achieve this?

You are the security administrator for a large network. You want to prevent attackers from running
any sort of traceroute into your DMZ and discover the internal structure of publicly accessible
areas of the network.
How can you achieve this?

You are the security administrator for a large network. You want to prevent attackers from running
any sort of traceroute into your DMZ and discover the internal structure of publicly accessible
areas of the network.
How can you achieve this?

A.
Block ICMP at the firewall.

B.
Block UDP at the firewall.

C.
Both A and B.

D.
There is no way to completely block doing a trace route into this area.

Explanation:
When you run a traceroute to a target network address,you send a UDP packet with
one time to live (TTL) to the target address. The first router this packet hits decreases the TTL to 0
and rejects the packet. Now the TTL for the packet is expired. The router sends back an ICMP
message type 11 (Exceeded) code 0 (TTL–Exceeded) packet to your system with a source
address. Your system displays the round-trip time for that first hop and sends out the next UDP
packet with a TTL of 2.
This process continues until you receive an ICMP message type 3 (Unreachable) code 3 (Port–Unreachable) from the destination system. Traceroute is completed when your machine receives a
Port-Unreachable message.
If you receive a message with three asterisks [* * *] during the traceroute,a router in the path
doesn’t return ICMP messages. Traceroute will continue to send UDP packets until the destination
is reached or the maximum number of hops is exceeded.



Leave a Reply 2

Your email address will not be published. Required fields are marked *