Full Disclosure mailing list archives
Re: ICMP (was: daily internet traffic report)
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 18 Oct 2004 01:26:08 -0500 (CDT)
Frank, Question back at you sir; Does OS fingerprinting rely soley upon ICMP leakage? I'd thought I saw a number of papers that related to OS detection from the incentricities of TCP/IP stacks of the various OS', like papers by Fydor, documented in phrack, etc. Thanks, Ron DuFresne On Sun, 17 Oct 2004, Frank de Wit wrote:
I thought I asked a question ; the answer 'yes' should have been sufficient ;-) Just joking, let's ask two other questions: -when you read about ICMP fingerprinting (see Ofir Arkin's great articles) -and you see tools like Xprobe and a lot of other OS-fingerprinting tools I might be wrong, but: a) do you still think ICMP is a good thing in relation to security (by obscurity)? b) why would you need ICMP from the internet to your perimeter/DMZ-devices? Hojje, Frank Willem Koenings wrote:are they? do you remember 'firewalking'?sorry, but firewalking is not icmp-only technique and don't use full range of icmp types/codes. by firewalking you use tcp or udp packets (depends, which protocol acl you want to study) with one bigger TTL than target and monitor results via icmp type 11. if you really afraid firewalking, then instead of closing down all icmp you can close down only type 11. and nat firewall protects you from firewalking anyway. what i want to say? blindly closing down things is easiest thing to do. but doing so you are not on the top of the problem and you don't control things. get down to the problem and fix things. there's one too many black hole routers in the world and availability is also an security attribute. al the best, W._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [SPAM] Your daily internet traffic report, (continued)
- Re: [SPAM] Your daily internet traffic report Willem Koenings (Oct 17)
- ICMP (was: daily internet traffic report) Frank de Wit (Oct 17)
- Re: ICMP (was: daily internet traffic report) James Edwards (Oct 17)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 17)
- Re: ICMP (was: daily internet traffic report) James Edwards (Oct 17)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 17)
- Re: ICMP (was: daily internet traffic report) james edwards (Oct 18)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 18)
- Re: ICMP - Today India, Samoa, and Iran are in the tank - back to orginal thread DDoS, or No DDoS? vigilaro (Oct 18)
- ICMP (was: daily internet traffic report) Frank de Wit (Oct 17)
- Re: [SPAM] Your daily internet traffic report Willem Koenings (Oct 17)
- Re: ICMP (was: daily internet traffic report) Barrie Dempster (Oct 18)
- Re: ICMP (was: daily internet traffic report) Ron DuFresne (Oct 17)
- Re: ICMP (was: daily internet traffic report) Frank de Wit (Oct 18)