Re: ICMP (Ping)

["gregh" <chows () ozemail com au>]

> ----- Original Message ----- 
> From: Jay Woody 
> To: chatmaster () charter net 
> Cc: security-basics () securityfocus com 
> Sent: Saturday, September 06, 2003 7:29 AM
> Subject: RE: ICMP (Ping)


> > > What purpose would seeing a response from a ping serve to a 
> > > kiddy looking to deface web sites?  If they are going to attack 
> > > you randomly, why do you assume that they would stop to 
> > > think when they are blindly attacking networks/ips anyway?

> Here is how it works again.  They scan a range and then go back and run
> a port scan/vuln scan against what replies.  They don't run vuln scans

No even that isnt 100% correct. If they have a new toy they will do it. Dont forget that new toys come out all the time 
and the only way they can prove their theories is to go on randoma attacks to see if what they have works or not.

In short, yes most of the time they attack depending on what a port scan shows them but quite a lot of the time they 
will also be randomly attacking depending on their association with other scripties and what their own level of 
understanding is plus what they think they have in their hands. Eg, if they are deep in a coven and have been given a 
new toy and arent that up to scratch with scripting themselves, they will test as they see fit by attacking anything 
they can. It's just plain logic. What do you do when you build yourself a new computer but test it to the limits first 
off? Well, same thing with a enw script.

Greg.

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------