RE: ICMP (Ping)

[Preston Newton <preston.newton () equipnetworks com>]

2 more cents to add to the million dollars that we've accumulated on
this topic.

hping can "ping" a tcp port to ICMP blocks are null and void against
this type of "ping".  So any person with basic shell skills could write
a script to utilize hping and compile a list of open ports into a file
about systems...


http://www.hping.org/


On Mon, 2003-09-08 at 12:56, Tim Greer wrote:
> On Mon, 2003-09-08 at 09:38, Chris Ess wrote:
> > Okay.  We've probably gotten slightly off-topic, but I figured I'd throw
> > my two copper pieces in anyway.  I'll provide one example for why blocking
> > pings might be a good idea...  and one where it doesn't matter if you
> > block them or not.  However, I'm no expert.
> >
> > * Saved by blocking pings: nmap
> >
> > Yes, nmap.  Everyone on this list has used nmap or is hopefully familiar
> > with what it does.  For those of you who don't know, nmap is a
> > portscanning utility.
> >
> > The first thing nmap appears to do before it actually runs a scan is ping
> > the host.  If it cannot ping the host, it returns:
> >
> > Note: Host seems down. If it is really up, but blocking our ping probes,
> > try -P0
>
> This is a fair point, and I don't disagree with it.  As I said, this
> method can be used, and it depends on the tool.  There's no reason to
> use nmap, etc., when you can just have a script connect to port 80 or 25
> on an IP and see if there's a response.
>
> Most of this discussion encompasses the tools used, as with pretty much
> any debate about what will help or not.  No doubt lots of people use the
> above method, but many do not.  I certainly agree it may cut down on the
> noise, but my experience has been little to none.

Attachment: signature.asc
Description: This is a digitally signed message part