Security Basics mailing list archives
RE: ICMP (Ping)
From: "Jay Woody" <jay_woody () tnb com>
Date: Fri, 05 Sep 2003 09:42:07 -0500
See, now I have to disagree here. I'll use web page defacements as an example. Script Kiddies showed that they did not care who or what they were targeting 90% of the time. They just scan a range and whoever replied they ran a vuln scanner against. If they could get in and "hack" the web page, they would. They'd get their "message" out and move on. Did some target pro-Israeli sites, etc.? Of course, but many more were just companies that replied and then had a vuln scan run against them.

Here is what it boils down to in my opinion: in the case of a determined hacker that wants you and no one else, then obviously blocking pings ain't gonna cut it. However, in the case of script kiddies that just scan a range and hit who replies, then blocking pings stops about 95% of them from even going any deeper. I heard one say (I think it was Hackweiser) that if someone didn't reply, why keep looking at them, there were plenty of other boxes that would reply. If all you care is to try and hack 400 boxes, then why waste time? Just hit the ones that are easy and come back to the hard ones.

JayW
Tim Greer <chatmaster () charter net> 09/04/03 05:52PM >>>
On Thu, 2003-09-04 at 10:23, SMiller () unimin com wrote:
Regarding the oft cited admonition against "security by obscurity": according to Bruce Schneier this is "Kerckhoffs' Principle", formulated in 1883 by Auguste Kerckhoffs, and as such is narrowly applicable only to algorithms used for cryptography. It may or may not apply to other and more generalized security issues, those cases must be evaluated individually.

Regarding ICMP:
Fun stuff... what some people seem to fail to understand, is that it's unlikely someone's going to randomly probe for IP's to just randomly attack. The type of attacks that people launch are going to be from people that know you're there anyway.... otherwise if they are mindless enough, they will apparently attack the IP they didn't check to see if it's there. A network is going to be attacked if it's a target... if it is, you can toss any responses you like and pretend there's nothing but a big, black hole in cyberspace... they'll still hit your network. If they are doing it blindly, they will do it blindly anyway.

I don't see this as much of a benefit, unless you are going to be targeted and you can somehow minimize the damage done by disabling this. Overall, I don't think it's a good or bad thing, I do it on some and not on others, depending on what I'm thinking or doing at the time. However, I wouldn't really say it's going to do much one way or another, unless you just want to prevent very specific types of attacks where this would actually help prevent or minimize damage. But just to hide, well, good luck. :-)

--
Tim Greer <chatmaster () charter net>

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6. Visit us: www.blackhat.com
----------------------------------------------------------------------------