https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298381#M78197 <P>Hello,</P><P>I do not think that is possible. However you can just have a policy that explicitly denies the application.</P><P>&nbsp;</P><P>Regards,</P> Wed, 13 Nov 2019 23:09:01 GMT OtakarKlier 2019-11-13T23:09:01Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/297941#M78128 <P>Hi all,</P><P>is there a way to block IP source if I match traceroute App-ID? Maybe with a custom vulnerability?</P> Tue, 12 Nov 2019 16:35:23 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/297941#M78128 s_quasar 2019-11-12T16:35:23Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298180#M78161 <P>Hello</P><P>&nbsp;</P><P>I am not sure I completely understand the question.</P><P>&nbsp;</P><P>Can you block a source IP using traceroute app-id?</P><P>&nbsp;</P><P>you can create a policy to deny traceroute from a source IP, yes.</P><P>&nbsp;</P><P>is that your question?</P><P>&nbsp;</P><P>Please advise.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 Nov 2019 06:18:38 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298180#M78161 S.Cantwell 2019-11-13T06:18:38Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298311#M78185 <P>Hi,</P><P>no, I want to block IP not deny like in reconnaissance in zone protection or in vulnerability protection that you can create a custom rule with 3600 seconds block IP.</P> Wed, 13 Nov 2019 17:00:13 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298311#M78185 s_quasar 2019-11-13T17:00:13Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298313#M78186 <P>I appreciate the response.</P><P>Maybe I do not understand; deny and block provide similar functionality</P><P>&nbsp;</P><P>My original response of creating a rule to drop/deny a Source Address is probably the best way to block the IP.</P><P>&nbsp;</P><P>I am not being argumentative, perhaps explaining more additional details regarding the use case for this request, will be help everyone to provide better responses.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 Nov 2019 17:56:02 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298313#M78186 S.Cantwell 2019-11-13T17:56:02Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298381#M78197 <P>Hello,</P><P>I do not think that is possible. However you can just have a policy that explicitly denies the application.</P><P>&nbsp;</P><P>Regards,</P> Wed, 13 Nov 2019 23:09:01 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298381#M78197 OtakarKlier 2019-11-13T23:09:01Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298383#M78199 <P>Ill toss in that configuring ICMP error in Zone Protection can help limit the use of Trace-route.</P> Wed, 13 Nov 2019 23:16:07 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298383#M78199 pteixeira 2019-11-13T23:16:07Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298558#M78224 <P>I want to consider that if an IP make traceroute, this is the first step to do other bad activities on my infrastructure so I want to block it (and not deny) before it can attempt to infiltrate in my network.</P> Thu, 14 Nov 2019 15:30:51 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298558#M78224 s_quasar 2019-11-14T15:30:51Z https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298562#M78225 <P>Hello,</P><P>While I agree this could be a start to bad things, its a common tool used by many different engineers. I high caution you against a block-ip approach as this will block legit traffic to/from a good host because someone ran a command.</P><P>&nbsp;</P><P>Just a deny rule is much better in this case.</P><P>&nbsp;</P><P>Regards,</P> Thu, 14 Nov 2019 15:42:09 GMT https://live.paloaltonetworks.com/t5/general-topics/block-traceroute/m-p/298562#M78225 OtakarKlier 2019-11-14T15:42:09Z