Forum Discussion

fLyf5_21542
Jul 05, 2011

Hiding f5 LTM ip address in the traceroute

I have f5-LTM inline device in my network and have got a requirement not to show the device ip address in the traceroute taken from inside network. Could you please help me on this. Device should pass traceroute traffic but instead of displaying its ip address, I want to see **** instead of ip address.


5 Replies

  • Hi KM,

    I don't think it's possible to pass ICMP packets yet have the IP reported as something other than the IP addresses.

    Aaron
  • It's a shot in the dark, but you could try defining a bogus address (not routable in your org's context) that's higher or lower than your valid self-IP on the same VLAN and see if the TTL=0 response is generated by one of them.
  • > I don't think it's possible to pass ICMP packets yet have the IP reported as something other than the IP addresses.

    traceroute relies on two things:

    - the originator progressively incrementing the probe's TTL, which causes a TTL==0 condition at each successive hop (en route to its destination)

    - relying on that hop to return an ICMP "Time exceeded" message with its own IP.

    Like any L3 device, a (routing) firewall is obliged to return its own IP, but it doesn't have to - it can act transparently to ping (or TTL) - it's a security issue and a default configuration for (many routing) firewalls. So, the OP's question is legitimate and reasonable.

  • Can we mask the IP address using an iRule; something like checking the ICMP TTL packet and changing the IP or masking the IP.
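An added simulation of the mechanism the third reply describes (example code written for this page, not from the thread and not F5 code): each hop either answers an expired probe from its own address, decrements the TTL but drops the expired probe silently, or forwards without touching the TTL at all. The path, the addresses and the "LTM" hop are constructed; the output shows what an inside traceroute listing looks like in each case (the silent hop is the "* * *" the question asks for, the transparent hop disappears from the listing entirely).

```python
from dataclasses import dataclass


@dataclass
class Hop:
    ip: str
    mode: str  # "reply", "silent" or "transparent" (see probe())


# Constructed path: core router, inline LTM, distribution router, then the server.
DEST = "10.0.2.10"
PATH = [Hop("10.0.0.1", "reply"), Hop("10.0.0.2", "silent"), Hop("10.0.1.1", "reply")]


def probe(path, dest, ttl):
    """Forward one probe through the hops and return the address that answers it.

    reply       - decrement TTL; if it hits 0, answer Time Exceeded from own IP
    silent      - decrement TTL; if it hits 0, drop the probe and send nothing
    transparent - forward without touching the TTL, so it can never expire here
    """
    for hop in path:
        if hop.mode == "transparent":
            continue
        ttl -= 1
        if ttl == 0:
            return hop.ip if hop.mode == "reply" else None
    return dest  # probe survived every hop: the destination itself answers


def traceroute(path, dest, max_ttl=30):
    """Return [(ttl, shown), ...] the way a traceroute listing would print it."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        answer = probe(path, dest, ttl)
        rows.append((ttl, answer or "* * *"))  # no reply within the timeout
        if answer == dest:
            break
    return rows


def with_mode(path, ip, mode):
    """Copy of path with one hop's behaviour changed, to compare listings."""
    return [Hop(h.ip, mode) if h.ip == ip else h for h in path]


if __name__ == "__main__":
    for mode in ("reply", "silent", "transparent"):
        print(f"LTM hop set to '{mode}':")
        for ttl, shown in traceroute(with_mode(PATH, "10.0.0.2", mode), DEST):
            print(f"  {ttl:2d}  {shown}")
```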