Newbie bewilderment III

Vernon Schryver vjs@calcite.rhyolite.com
Wed Jan 1 19:01:59 UTC 2003


> From: Nathan Neulinger <nneul@umr.edu>
> To: ":)" <lists@xymox1.com>

> > As to the firewall question: I don't even have a firewall running.
> > However its still possible I suppose that my host provider has some
> > very weird firewall running.

Sometimes mechanisms that filter packets are not called firewalls and
are not separate boxes.  A common source of problems for DCC users
are "ipchains."

> >                              As I said however I can run SSH on port
> > 6277 and connect to Open_ssh from my Secure CRT client. I think this
> > uses both TCP and UDP ?. So the port seems clear and unobstructed.
>
> SSH is tcp only. You need to check with a udp application. Some versions
> of ping allow you to specify a port number.

Yes, but that would also require a verson of ping that uses UDP packets
instead of ICMP Echo-Requests and Echo-Responses.

The canonical traceroute (but perhaps not Microsoft's `tracert`) by
default sends UDP packets and expects to receive ICMP Unreachable or
Time-Exceeded error messages.  If there is a filter on out-going UDP
packets to destination UDP port 6277 about three hops away, then
`traceroute -p 6274` will fail but other port numbers will work...and
so forth with other port numbers for other distances to the firewall.

I can't think of a tool for checking the other direction of incoming
packets with source UDP port 6277.

We've all assumed that routing has been checked, which is to say
that simple traceroute or ping can reach the public DCC servers.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.