Security Basics mailing list archives
RE: ICMP (Ping)
From: Tony Kava <securityfocus () pottcounty com>
Date: Fri, 5 Sep 2003 12:59:57 -0500
Personally I enjoy such historical references, and the lesson is still valid today. No flame is necessary. -- Tony Kava Network Administrator Pottawattamie County, Iowa ZPV NVTU BQQSFDJBUF UIJT XFBLMZ FODJQIFSFE GMBNF: UBLF PGG ZPV IPTFS :) -----Original Message----- From: Gerard Marshall Vignes [mailto:gerardmarshallvignes () hotmail com] Sent: Thursday, 04 September, 2003 19:20 To: security-basics () securityfocus com Subject: RE: ICMP (Ping) The applicable tenet from encryption is that the encryption method is known, while the key is kept secret. This is taken to an extreme today, where many common encryption methods are published openly. This is why attackers usually try to get the keys. These encryption methods are both efficient and effective. If you read about the Allies cracking of Ultra (Shark, Enigma) during WWII, you can see the relevance of this tenet. The German use of rotors and plugs seemed to make it an invincible encryption engine. But the Bletchley staff understood the basic mechanism and devised a way to Separate the effects of the rotors from the effects of the plugs. As it turned out, the plugs contributed very little to the security of Ultra. The Germans would have done better by using more rotors (5-10) and left the plugs out completely. The result would have been a somewhat larger but simpler machine that was easier to use but far more difficult to crack. Please feel free to flame me for butting in w/o being invited :-) -----Original Message----- From: Tim Greer [mailto:chatmaster () charter net] Sent: Thursday, September 04, 2003 3:53 PM To: SMiller () unimin com Cc: security-basics () securityfocus com Subject: RE: ICMP (Ping) On Thu, 2003-09-04 at 10:23, SMiller () unimin com wrote:
Regarding the oft cited admonition against "security by obscurity": according to Bruce Schneier this is "Kerckhoffs' Principle", formulated in 1883 by Auguste Kerckhoffs, and as such is narrowly applicable only to algorithms used for cryptography. It may or may not apply to other and more generalized security issues, those cases must be evaluated individually. Regarding ICMP:
Fun stuff... what some people seem to fail to understand, is that it's unlikely someone's going to randomly probe for IP's to just randomly attack. The type of attacks that people launch are going to be from people that know you're there anyway.... otherwise if they are mindless enough, they will apparently attack the IP they didn't check to see if it's there. A network is going to be attacked if it's a target... if it is, you can toss any responses you like and pretend there's nothing but a big, black hole in cyberspace... they'll still hit your network. If they are doing it blindly, they will do it blindly anyway. I don't see this as much of a benefit, unless you are going to be targeted and you can somehow minimize the damage done by disabling this. Overall, I don't think it's a good or bad thing, I do it on some and not on others, depending on what I'm thinking or doing at the time. However, I wouldn't really say it's going to do much one way or another, unless you just want to prevent very specific type of attacks where this would actually help prevent or minimize damage. But just to hide, well, good luck. :-) -- Tim Greer <chatmaster () charter net> --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: ICMP (Ping), (continued)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) segmentation fault (Sep 04)
- RE: ICMP (Ping) Aditya (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Christos Gioran (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- RE: ICMP (Ping) Vineet Mehta (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) gregh (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 05)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Chris Ess (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Preston Newton (Sep 08)
- RE: ICMP (Ping) Chris Ess (Sep 08)