Security Basics mailing list archives
RE: ICMP (Ping)
From: Preston Newton <preston.newton () equipnetworks com>
Date: Mon, 08 Sep 2003 14:21:44 -0500
2 more cents to add to the million dollars that we've accumulated on this topic. hping can "ping" a tcp port to ICMP blocks are null and void against this type of "ping". So any person with basic shell skills could write a script to utilize hping and compile a list of open ports into a file about systems... http://www.hping.org/ On Mon, 2003-09-08 at 12:56, Tim Greer wrote:
On Mon, 2003-09-08 at 09:38, Chris Ess wrote:Okay. We've probably gotten slightly off-topic, but I figured I'd throw my two copper pieces in anyway. I'll provide one example for why blocking pings might be a good idea... and one where it doesn't matter if you block them or not. However, I'm no expert. * Saved by blocking pings: nmap Yes, nmap. Everyone on this list has used nmap or is hopefully familiar with what it does. For those of you who don't know, nmap is a portscanning utility. The first thing nmap appears to do before it actually runs a scan is ping the host. If it cannot ping the host, it returns: Note: Host seems down. If it is really up, but blocking our ping probes, try -P0This is a fair point, and I don't disagree with it. As I said, this method can be used, and it depends on the tool. There's no reason to use nmap, etc., when you can just have a script connect to port 80 or 25 on an IP and see if there's a response. Most of this discussion encompasses the tools used, as with pretty much any debate about what will help or not. No doubt lots of people use the above method, but many do not. I certainly agree it may cut down on the noise, but my experience has been little to none.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: ICMP (Ping), (continued)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Preston Newton (Sep 08)
- Re: ICMP (Ping) Fyodor (Sep 09)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- FW: ICMP (Ping) check (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Halverson, Chris (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) jfastabe (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Lee Rich (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)