Re: [cobalt-users] Strange IP Problem

[Gareth Bromley <gbromley@xxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ethos Subscriptions wrote:
|>Was traceroute actually tracert on a windooze machine??
|>If so, then this proves that ICMP is allowed unfiltered, is UNIX
|>traceroute allowed? (This uses UDP instead of ICMP)
|>Next use tcptraceroute IPAddress 80 or tcptraceroute IPAddress 22 to
|>test where web/SSH traffic fails.
| Yeah, it was tracert. My XP machine wont allow me to do 'traceroute' or
| 'tcptraceroute'
Do you have a Linux machine near you that you can use?

If so download tcptraceroute + libnet, compile, install and use. If
you have RH7.x I have patched RPMs to fix an issue with Debian/RH
incompatible build locations.

Otherwise, you'll need to resort to telnet IPaddress 80 or telnet
IPaddress22 and then packet sniff to see which IP is any is generating
either ICMP unreach mesages (admin prob=hibited/filtered messages) or
more likely either:
- - SYN, SYN/ACK, ACK and then wait then RST packet indicating use of an
App level firewalling tool like TCPwrappers
- - SYN, RST packet if a firewall like ipchains is used in REJECT mode
- - SYN, SYN, SYN, SYN if a firewall like ipchains is used in DROP mode

Enjoy,
- --
- --Gareth Bromley
CCIE Candidate CCDP CCNP CSS1 CCIP Security
CCSA CCSE NSA RHCE SCSA SCNA CISSP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9mXjfxX2wgg94RlkRAuvqAJ9Eyivaw3XUoFHL+qjS/2OW9UDbeACdG2v1
+XFws2mIRQGtumKe/KNN770=
=Iyly
-----END PGP SIGNATURE-----