Security Basics mailing list archives

RE: ICMP (Ping)


From: Tim Greer <chatmaster () charter net>
Date: 08 Sep 2003 10:56:42 -0700

On Mon, 2003-09-08 at 09:38, Chris Ess wrote:
> Okay.  We've probably gotten slightly off-topic, but I figured I'd throw
> my two copper pieces in anyway.  I'll provide one example for why blocking
> pings might be a good idea...  and one where it doesn't matter if you
> block them or not.  However, I'm no expert.
>
> * Saved by blocking pings: nmap
>
> Yes, nmap.  Everyone on this list has used nmap or is hopefully familiar
> with what it does.  For those of you who don't know, nmap is a
> portscanning utility.
>
> The first thing nmap appears to do before it actually runs a scan is ping
> the host.  If it cannot ping the host, it returns:
>
> Note: Host seems down. If it is really up, but blocking our ping probes,
> try -P0

This is a fair point, and I don't disagree with it.  As I said, this
method can be used, and it depends on the tool.  There's no reason to
use nmap, etc., when you can just have a script connect to port 80 or 25
on an IP and see if there's a response.

Most of this discussion encompasses the tools used, as with pretty much
any debate about what will help or not.  No doubt lots of people use the
above method, but many do not.  I certainly agree it may cut down on the
noise, but my experience has been little to none.
-- 
Tim Greer <chatmaster () charter net>

