Modify TTL value for security reasons.
-
Pfsense support Packet Mangle TTL ?
-
See this URL for more information: http://www.mail-archive.com/discussion@pfsense.com/msg01782.html
-
That may or may not be what you're after. If not, by "packet mangle TTL", what exactly do you mean?
-
I don't know if pfsense supports it, but pf allows you to create rules based on the TTL value. For instance, you should be suspicious of incoming packets with very low TTL (TTL = 1, 2, etc) because it's likely the result of firewalking.
-
yeah, thanks ulrich, here …
Bill Marquette
Mon, 04 Sep 2006 10:09:44 -0700

Or if you want to fuck with the ISP and have a full blown network behind the pfSense box. Change the following line in /etc/inc/filter.inc

    $rules .= "scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions

to:

    $rules .= "scrub all min-ttl 255 {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions

That will reset the TTL to 255 (substitute whatever sufficiently high value appeals to you) as it passes through the pfSense box. The above line lives on line 166 in filter.inc version 1.575.2.235. BTW, this will have the other added advantage of being able to mask different OSs behind your pfSense box and the network layout as ALL packets will have a normalized TTL after traversing the firewall.

I don't expect to ever put a gui wrapper around this, I feel it has rather limited use.

--Bill
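As an added example (not code from this thread, from pfSense or from pf itself): a short Python script showing what the scrub min-ttl line above does at the packet level, and what the low-TTL suspicion from the earlier reply looks like as a concrete check. It reads the TTL out of an IPv4 header, flags inbound packets that arrive with TTL at or below a threshold, and emulates the min-ttl rewrite including the IPv4 header checksum fix that the firewall has to perform after changing the field. The packets are constructed inside the script (no captured traffic), and the threshold of 2 is an assumption taken from the "TTL = 1, 2, etc" remark.

```python
import struct

IPV4_MIN_HEADER = 20


def ipv4_header_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit words, checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def header_length(packet: bytes) -> int:
    """IHL field (low nibble of byte 0) gives header length in 32-bit words."""
    if len(packet) < IPV4_MIN_HEADER or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (packet[0] & 0x0F) * 4


def parse_ttl(packet: bytes) -> int:
    """TTL is byte 8 of the IPv4 header."""
    header_length(packet)  # validates version and minimum size
    return packet[8]


def checksum_valid(packet: bytes) -> bool:
    """True if the stored header checksum matches a recomputation."""
    ihl = header_length(packet)
    stored = struct.unpack("!H", packet[10:12])[0]
    return stored == ipv4_header_checksum(packet[:ihl])


def is_suspicious_ttl(packet: bytes, threshold: int = 2) -> bool:
    """Defender-side check: a packet arriving at the edge with TTL <= threshold
    is unlikely to be ordinary traffic and is worth logging (assumed threshold)."""
    return parse_ttl(packet) <= threshold


def apply_min_ttl(packet: bytes, min_ttl: int = 255) -> bytes:
    """Emulate pf 'scrub ... min-ttl N': raise TTL to at least N, then fix the
    header checksum so downstream hosts do not drop the rewritten packet."""
    if parse_ttl(packet) >= min_ttl:
        return packet
    ihl = header_length(packet)
    header = bytearray(packet[:ihl])
    header[8] = min_ttl
    header[10:12] = struct.pack("!H", ipv4_header_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]


def build_ipv4(ttl: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed sample packet (documentation addresses, no options, proto TCP)."""
    header = bytearray(struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, IPV4_MIN_HEADER + len(payload), 0x1234, 0x4000, ttl, 6, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split("."))))
    header[10:12] = struct.pack("!H", ipv4_header_checksum(bytes(header)))
    return bytes(header) + payload


if __name__ == "__main__":
    # Constructed inbound samples: one normal, one arriving almost expired.
    for pkt in (build_ipv4(64, "198.51.100.7", "192.0.2.10"),
                build_ipv4(1, "198.51.100.9", "192.0.2.10")):
        print("ttl=%3d suspicious=%s" % (parse_ttl(pkt), is_suspicious_ttl(pkt)))
    # Outbound normalisation: every packet leaves with the same TTL.
    for pkt in (build_ipv4(64, "192.0.2.10", "198.51.100.7"),
                build_ipv4(128, "192.0.2.11", "198.51.100.7")):
        out = apply_min_ttl(pkt)
        print("ttl %d -> %d, checksum ok=%s" % (parse_ttl(pkt), parse_ttl(out), checksum_valid(out)))
```

The normalisation half is what makes the OS-masking remark above work: different operating systems start with different initial TTLs (64 and 128 are common), and a sufficiently high min-ttl erases that difference on the outside. Note that newer pf releases moved scrub options into match rules, so check pf.conf(5) for the syntax your version expects before copying the line.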