Security Basics mailing list archives
Re: ICMP (Ping)
From: "Joe Bryan NSA" <joe () ns-architects com>
Date: Mon, 8 Sep 2003 15:21:45 -0500
Actually, if they have the config wrong, and a sql server is servicing the web server/site even if it is in a DMZ, the SQL server can be exploited, even executing commands on the sql SERVER itself.. that is the real threat.. Joe Bryan NSA 612.382.5796 ----- Original Message ----- From: "gregh" <chows () ozemail com au> To: <security-basics () securityfocus com> Sent: Saturday, September 06, 2003 7:00 PM Subject: Re: ICMP (Ping)
----- Original Message ----- From: Jay Woody To: chatmaster () charter net Cc: security-basics () securityfocus com Sent: Saturday, September 06, 2003 7:29 AM Subject: RE: ICMP (Ping)
What purpose would seeing a response from a ping serve to a kiddy looking to deface web sites? If they are going to attack you randomly, why do you assume that they would stop to think when they are blindly attacking networks/ips anyway?
Here is how it works again. They scan a range and then go back and run a port scan/vuln scan against what replies. They don't run vuln scans
No even that isnt 100% correct. If they have a new toy they will do it. Dont forget that new toys come out all the time and the only way they can prove their theories is to go on randoma attacks to see if what they have works or not. In short, yes most of the time they attack depending on what a port scan shows them but quite a lot of the time they will also be randomly attacking depending on their association with other scripties and what their own level of understanding is plus what they think they have in their hands. Eg, if they are deep in a coven and have been given a new toy and arent that up to scratch with scripting themselves, they will test as they see fit by attacking anything they can. It's just plain logic. What do you do when you build yourself a new computer but test it to the limits first off? Well, same thing with a enw script. Greg. --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- RE: ICMP (Ping), (continued)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Christos Gioran (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- RE: ICMP (Ping) Vineet Mehta (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Preston Newton (Sep 08)
- Re: ICMP (Ping) Fyodor (Sep 09)
- RE: ICMP (Ping) Chris Ess (Sep 08)