Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange ICMP timestamp replies

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Tue, 16 Jan 2001 13:46:09 -0500
On Tue, 16 Jan 2001, Florian Weimer wrote:


These are ICMP timestamp replies, I think.  Does anybody know why
somebody sends such packets?  You can hardly do OS fingerprinting
using ICMP timestamp replies.


as a matter of fact you can play with ICMP to do host discovery and
generic OS detection:

http://www.sys-security.com/archive/papers/ICMP_Scanning_v2.5.pdf

hope this helps,

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Previous By Date Next
Previous By Thread Next

Current thread: