Security Basics mailing list archives
RE: ICMP (Ping)
From: Tim Greer <chatmaster () charter net>
Date: 08 Sep 2003 10:56:42 -0700
On Mon, 2003-09-08 at 09:38, Chris Ess wrote:
Okay. We've probably gotten slightly off-topic, but I figured I'd throw my two copper pieces in anyway. I'll provide one example for why blocking pings might be a good idea... and one where it doesn't matter if you block them or not. However, I'm no expert. * Saved by blocking pings: nmap Yes, nmap. Everyone on this list has used nmap or is hopefully familiar with what it does. For those of you who don't know, nmap is a portscanning utility. The first thing nmap appears to do before it actually runs a scan is ping the host. If it cannot ping the host, it returns: Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
This is a fair point, and I don't disagree with it. As I said, this method can be used, and it depends on the tool. There's no reason to use nmap, etc., when you can just have a script connect to port 80 or 25 on an IP and see if there's a response. Most of this discussion encompasses the tools used, as with pretty much any debate about what will help or not. No doubt lots of people use the above method, but many do not. I certainly agree it may cut down on the noise, but my experience has been little to none. -- Tim Greer <chatmaster () charter net> --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- RE: ICMP (Ping), (continued)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Preston Newton (Sep 08)
- Re: ICMP (Ping) Fyodor (Sep 09)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- FW: ICMP (Ping) check (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Halverson, Chris (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) jfastabe (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Lee Rich (Sep 08)