Full Disclosure mailing list archives
Re: ICMP (was: daily internet traffic report)
From: Frank de Wit <frankdewit () home nl>
Date: Mon, 18 Oct 2004 18:54:00 +0200
please don't call me sir, that makes me old ;-) the answer is 'no' do I win a price now? Ron DuFresne wrote:
Frank, Question back at you sir; Does OS fingerprinting rely soley upon ICMP leakage? I'd thought I saw a number of papers that related to OS detection from the incentricities of TCP/IP stacks of the various OS', like papers by Fydor, documented in phrack, etc. Thanks, Ron DuFresne On Sun, 17 Oct 2004, Frank de Wit wrote:I thought I asked a question ; the answer 'yes' should have been sufficient ;-) Just joking, let's ask two other questions: -when you read about ICMP fingerprinting (see Ofir Arkin's great articles) -and you see tools like Xprobe and a lot of other OS-fingerprinting tools I might be wrong, but: a) do you still think ICMP is a good thing in relation to security (by obscurity)? b) why would you need ICMP from the internet to your perimeter/DMZ-devices? Hojje, Frank Willem Koenings wrote:are they? do you remember 'firewalking'?sorry, but firewalking is not icmp-only technique and don't use full range of icmp types/codes. by firewalking you use tcp or udp packets (depends, which protocol acl you want to study) with one bigger TTL than target and monitor results via icmp type 11. if you really afraid firewalking, then instead of closing down all icmp you can close down only type 11. and nat firewall protects you from firewalking anyway. what i want to say? blindly closing down things is easiest thing to do. but doing so you are not on the top of the problem and you don't control things. get down to the problem and fix things. there's one too many black hole routers in the world and availability is also an security attribute. al the best, W._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ICMP (was: daily internet traffic report), (continued)
- ICMP (was: daily internet traffic report) Frank de Wit (Oct 17)
- Re: ICMP (was: daily internet traffic report) James Edwards (Oct 17)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 17)
- Re: ICMP (was: daily internet traffic report) James Edwards (Oct 17)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 17)
- Re: ICMP (was: daily internet traffic report) james edwards (Oct 18)
- Re: ICMP (was: daily internet traffic report) Cedric Blancher (Oct 18)
- Re: ICMP - Today India, Samoa, and Iran are in the tank - back to orginal thread DDoS, or No DDoS? vigilaro (Oct 18)
- ICMP (was: daily internet traffic report) Frank de Wit (Oct 17)
- Re: ICMP (was: daily internet traffic report) Barrie Dempster (Oct 18)
- Re: ICMP (was: daily internet traffic report) Ron DuFresne (Oct 17)
- Re: ICMP (was: daily internet traffic report) Frank de Wit (Oct 18)