Security Basics mailing list archives

RE: ICMP (Ping)

From: Tim Greer <chatmaster () charter net>
Date: 04 Sep 2003 15:52:30 -0700

On Thu, 2003-09-04 at 10:23, SMiller () unimin com wrote:

Regarding the oft cited admonition against "security by obscurity":
according to Bruce Schneier this is "Kerckhoffs' Principle", formulated in
1883 by Auguste Kerckhoffs, and as such is narrowly applicable only to
algorithms used for cryptography.  It may or may not apply to other and
more generalized security issues, those cases must be evaluated
individually.  Regarding ICMP:

Fun stuff... what some people seem to fail to understand, is that it's
unlikely someone's going to randomly probe for IP's to just randomly
attack. The type of attacks that people launch are going to be from
people that know you're there anyway.... otherwise if they are mindless
enough, they will apparently attack the IP they didn't check to see if
it's there.

A network is going to be attacked if it's a target... if it is, you can
toss any responses you like and pretend there's nothing but a big, black
hole in cyberspace... they'll still hit your network. If they are doing
it blindly, they will do it blindly anyway. I don't see this as much of
a benefit, unless you are going to be targeted and you can somehow
minimize the damage done by disabling this.

Overall, I don't think it's a good or bad thing, I do it on some and not
on others, depending on what I'm thinking or doing at the time. However,
I wouldn't really say it's going to do much one way or another, unless
you just want to prevent very specific type of attacks where this would
actually help prevent or minimize damage. But just to hide, well, good
luck. :-)
--
Tim Greer <chatmaster () charter net>

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

Re: ICMP (Ping), (continued)
- - - Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Jude Naidoo (Sep 03)
- Re: ICMP (Ping) Tomas Wolf (Sep 03)
- Re: ICMP (Ping) andreas (Sep 05)
- Re: ICMP (Ping) Luca Falavigna (Sep 05)
- Re: ICMP (Ping) Jay Woody (Sep 03)
  - RE: ICMP (Ping) Stuart (Sep 04)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Jay Woody (Sep 04)
- RE: ICMP (Ping) SMiller (Sep 04)
  - RE: ICMP (Ping) Tim Greer (Sep 04)
    - RE: ICMP (Ping) Gerard Marshall Vignes (Sep 05)
    - RE: ICMP (Ping) Tim Greer (Sep 05)
    - Re: ICMP (Ping) gregh (Sep 05)
    - Re: ICMP (Ping) Tim Greer (Sep 05)
    - Message not available
    - Re: ICMP (Ping) Tim Greer (Sep 08)
    - Re: ICMP (Ping) gregh (Sep 08)
    - Re: ICMP (Ping) Tomas Wolf (Sep 08)
    - Re: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) segmentation fault (Sep 04)
  - RE: ICMP (Ping) Aditya (Sep 05)

(Thread continues...)