Security Basics mailing list archives
RE: ICMP (Ping)
From: Tim Greer <chatmaster () charter net>
Date: 05 Sep 2003 13:18:53 -0700
On Fri, 2003-09-05 at 07:42, Jay Woody wrote:
See, now I have to disagree here. I'll use web page defacements as an example. Script Kiddies showed that they did not care who or what they were targeting 90% of the time.
What purpose would seeing a response from a ping serve to a kiddy looking to deface web sites? If they are going to attack you randomly, why do you assume that they would stop to think when they are blindly attacking networks/ips anyway?
They just scan a range and whoever replied they ran a vuln scanner against.
Running a scanner to look for open ports of vulnerabilities in services, as not going to change because you don't reply to ping requests. Those scans will check the ports and services on said IP--not give up if it can't get a ping response.
If they could get in and "hack" the web page, they would.
And that doesn't relate to the type of attacks being discussed. That's another, less serious issue anyway.
They'd get their "message" out and move on.
No, they'd probe for vulnerabilities by domain or IP, the ping response plays no role in that situation.
Did some target pro-Israeli sites, etc.? Of course, but many more were just companies that replied and then had a vuln scan ran against them.
That is irrelevant.
Here is what it boils down to in my opinion, in the case of a determined hacker that wants you and no one else, then obviously blocking pings ain't gonna cut it.
True. You're either vulnerable or not. But it depends on the type of attack and on what service or protocol.
However, in the case of script kiddies that just scan a range and hit who replies, then blocking pings stops about 95% of them from even going any deeper.
No it doesn't. Skripties are stupid by nature. They hit blindly with the scanners, the scanners don't give up if there's no ping response, they are busy checking to see what's running on the various ports that particular scanner scans. It's almost contradictive to use script kiddie and 'dig deeper' in the same sentence.
I heard one say (I think it was Hackweiser) that if someone didn't reply, why keep looking at them, there were plenty of other boxes that would reply.
But they aren't looking for boxes that reply to ping requests, they hit the IP on various ports to check to see if that port/service responds and with what.
If all you care is to try and hack 400 boxes, then why waste time? Just hit the ones that are easy and come back to the hard ones.
Like I said, a dumb ass script kiddie will hit the ports checking the services for vulnerable services. Ping response or not makes absolutely no difference. It's either going to happen or not, random or targeted. If it's random, you'll be hit and probed anyway (being an attach or probe). If it's not random, well, we all know the answer. I don't see the point to that side of this debate. -- Tim Greer <chatmaster () charter net> --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: ICMP (Ping), (continued)
- Re: ICMP (Ping) Tim Greer (Sep 05)
- Message not available
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Tomas Wolf (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Aditya (Sep 05)
- RE: ICMP (Ping) Christos Gioran (Sep 05)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- RE: ICMP (Ping) Vineet Mehta (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 08)