Block traceroute

L3 Networker

Block traceroute

Hi all,

Is there a way to block the source IP if I match the traceroute App-ID? Maybe with a custom vulnerability?

L4 Transporter

Re: Block traceroute

Hello

I am not sure I completely understand the question.

Can you block a source IP using the traceroute App-ID?

You can create a policy to deny traceroute from a source IP, yes.

Is that your question?

Please advise.

L3 Networker

Re: Block traceroute

Hi,

No, I want to block the IP, not deny, like in reconnaissance in Zone Protection or in Vulnerability Protection, where you can create a custom rule with a 3600-second block IP.

L4 Transporter

Re: Block traceroute

I appreciate the response.

Maybe I do not understand; deny and block provide similar functionality.

My original response of creating a rule to drop/deny a Source Address is probably the best way to block the IP.

I am not being argumentative; perhaps explaining additional details regarding the use case for this request will help everyone provide better responses.

L7 Applicator

Re: Block traceroute

Hello,

I do not think that is possible. However, you can just have a policy that explicitly denies the application.

Regards,

L1 Bithead

Re: Block traceroute

I'll toss in that configuring ICMP error in Zone Protection can help limit the use of traceroute.

L3 Networker

Re: Block traceroute

I want to consider that if an IP runs a traceroute, this is the first step toward other bad activities on my infrastructure, so I want to block it (and not deny) before it can attempt to infiltrate my network.

L7 Applicator

Re: Block traceroute

Hello,

While I agree this could be a start to bad things, it's a common tool used by many different engineers. I highly caution you against a block-ip approach, as this will block legit traffic to/from a good host because someone ran a command.

Just a deny rule is much better in this case.

Regards,
