This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Block traceroute

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block traceroute

s_quasar
L3 Networker

‎11-12-2019 08:35 AM

Hi all,

is there a way to block IP source if I match traceroute App-ID? Maybe with a custom vulnerability?

0 Likes Likes
7 REPLIES 7

S.Cantwell
Cyber Elite
Cyber Elite

‎11-12-2019 10:18 PM

Hello

 

I am not sure I completely understand the question.

 

Can you block a source IP using traceroute app-id?

 

you can create a policy to deny traceroute from a source IP, yes.

 

is that your question?

 

Please advise.

 

 

Help the community: Like helpful comments and mark solutions
0 Likes Likes

s_quasar
L3 Networker
In response to S.Cantwell

‎11-13-2019 09:00 AM

Hi,

no, I want to block IP not deny like in reconnaissance in zone protection or in vulnerability protection that you can create a custom rule with 3600 seconds block IP.

0 Likes Likes

S.Cantwell
Cyber Elite
Cyber Elite
In response to s_quasar

‎11-13-2019 09:56 AM

I appreciate the response.

Maybe I do not understand; deny and block provide similar functionality

 

My original response of creating a rule to drop/deny a Source Address is probably the best way to block the IP.

 

I am not being argumentative, perhaps explaining more additional details regarding the use case for this request, will be help everyone to provide better responses.

 

 

 

Help the community: Like helpful comments and mark solutions
0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to S.Cantwell

‎11-13-2019 03:09 PM

Hello,

I do not think that is possible. However you can just have a policy that explicitly denies the application.

 

Regards,

0 Likes Likes

pteixeira
L1 Bithead
In response to OtakarKlier

‎11-13-2019 03:16 PM

Ill toss in that configuring ICMP error in Zone Protection can help limit the use of Trace-route.

0 Likes Likes

s_quasar
L3 Networker
In response to OtakarKlier

‎11-14-2019 07:30 AM

I want to consider that if an IP make traceroute, this is the first step to do other bad activities on my infrastructure so I want to block it (and not deny) before it can attempt to infiltrate in my network.

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to s_quasar

‎11-14-2019 07:42 AM

Hello,

While I agree this could be a start to bad things, its a common tool used by many different engineers. I high caution you against a block-ip approach as this will block legit traffic to/from a good host because someone ran a command.

 

Just a deny rule is much better in this case.

 

Regards,

0 Likes Likes
  • 6204 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks