Security Basics mailing list archives
RE: ICMP (Ping)
From: "Gerard Marshall Vignes" <gerardmarshallvignes () hotmail com>
Date: Thu, 4 Sep 2003 17:20:27 -0700
The applicable tenet from encryption is that the encryption method is known, while the key is kept secret. This is taken to an extreme today, where many common encryption methods are published openly. This is why attackers usually try to get the keys. These encryption methods are both efficient and effective. If you read about the Allies cracking of Ultra (Shark, Enigma) during WWII, you can see the relevance of this tenet. The German use of rotors and plugs seemed to make it an invincible encryption engine. But the Bletchley staff understood the basic mechanism and devised a way to Separate the effects of the rotors from the effects of the plugs. As it turned out, the plugs contributed very little to the security of Ultra. The Germans would have done better by using more rotors (5-10) and left the plugs out completely. The result would have been a somewhat larger but simpler machine that was easier to use but far more difficult to crack. Please feel free to flame me for butting in w/o being invited :-) -----Original Message----- From: Tim Greer [mailto:chatmaster () charter net] Sent: Thursday, September 04, 2003 3:53 PM To: SMiller () unimin com Cc: security-basics () securityfocus com Subject: RE: ICMP (Ping) On Thu, 2003-09-04 at 10:23, SMiller () unimin com wrote:
Regarding the oft cited admonition against "security by obscurity": according to Bruce Schneier this is "Kerckhoffs' Principle", formulated in 1883 by Auguste Kerckhoffs, and as such is narrowly applicable only to algorithms used for cryptography. It may or may not apply to other and more generalized security issues, those cases must be evaluated individually. Regarding ICMP:
Fun stuff... what some people seem to fail to understand, is that it's unlikely someone's going to randomly probe for IP's to just randomly attack. The type of attacks that people launch are going to be from people that know you're there anyway.... otherwise if they are mindless enough, they will apparently attack the IP they didn't check to see if it's there. A network is going to be attacked if it's a target... if it is, you can toss any responses you like and pretend there's nothing but a big, black hole in cyberspace... they'll still hit your network. If they are doing it blindly, they will do it blindly anyway. I don't see this as much of a benefit, unless you are going to be targeted and you can somehow minimize the damage done by disabling this. Overall, I don't think it's a good or bad thing, I do it on some and not on others, depending on what I'm thinking or doing at the time. However, I wouldn't really say it's going to do much one way or another, unless you just want to prevent very specific type of attacks where this would actually help prevent or minimize damage. But just to hide, well, good luck. :-) -- Tim Greer <chatmaster () charter net> --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: ICMP (Ping), (continued)
- Re: ICMP (Ping) Jude Naidoo (Sep 03)
- Re: ICMP (Ping) Tomas Wolf (Sep 03)
- Re: ICMP (Ping) andreas (Sep 05)
- Re: ICMP (Ping) Luca Falavigna (Sep 05)
- Re: ICMP (Ping) Jay Woody (Sep 03)
- RE: ICMP (Ping) Stuart (Sep 04)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Jay Woody (Sep 04)
- RE: ICMP (Ping) SMiller (Sep 04)
- RE: ICMP (Ping) Tim Greer (Sep 04)
- RE: ICMP (Ping) Gerard Marshall Vignes (Sep 05)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- Re: ICMP (Ping) gregh (Sep 05)
- Re: ICMP (Ping) Tim Greer (Sep 05)
- Message not available
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 04)
- Re: ICMP (Ping) Tomas Wolf (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Aditya (Sep 05)