Re: ICMP (Ping)

[Tim Greer <chatmaster () charter net>]

On Fri, 2003-09-05 at 13:35, Jay Woody wrote:
> Not really, they will randomly scan and the RETURN to the ones that
> replied and run a vuln scan against it.  If you didn't reply to begin
> with then they won't be RETURNING.

Clearly we disagree about the semantics here.  While you are married to
the idea that no one will bother scanning your server unless it responds
to pings, I am of the opinion and experience on my part dictates, that
many people will cut out the middle man and just scan to see if it
responds to the specific or general services they are targeting and move
on if it doesn't respond to those common services.

There's no reason to go on arguing about this or insisting it's one way
or another--that is not what I personally meant nor claimed. I simply
said that it will only save you from being scanned if someone actually
used that method.  I've rarely seen people not just randomly scan, if
they're going to randomly collect IPs.  If your system is vulnerable
enough to be hit from such a person, you have more to worry about than
ping responses or not.  A skilled enough attacker will not use that
method to determine what systems are alive or not.
-- 
Tim Greer <chatmaster () charter net>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------