Security Basics mailing list archives

Re: ICMP (Ping)

From: Tomas Wolf <tomas () skip cz>
Date: Sun, 07 Sep 2003 00:29:10 -0400

I think that between you two is a little misunderstanding. One ispointing out those who are challenged by the "hidden", while the otherone is talking about kiddies scanning blindly huge IP ranges (evendial-up, dsl & cable), where about those thousands and thousands"unreachables" it would be just one IP that is not assigned, or the hostwasn't up....

So both of you are right... If one is looking to penetrate the site orscans small range, this will become a target... While on the other handthis site won't become a target (most likely) for a ping-scanning kiddiethat runs it in 195.X.X.X range.


good luck -- T.


Ansgar Wiechers wrote:

On 2003-09-04 freeasabird_13 () gmx net wrote:

I don't think so. Not responding to ICMP echo-requests won't make you
invisible. Whenever a ping does not return "host unreachable" you
know there *is* something with that address.

For the record, I never said nor implied that not responding to pings
would make one's internet presence "invisible".  I merely said/implied
that it would make your presence less obvious, which it simply would.


I still don't agree. When doing a scan to find potential targets,
addresses you don't get echo-replies from are screaming out "yes, I am
here and I don't want you to know" to anyone who has at least a basic
understanding of how IP works. In fact I would consider those as primary
targets, since something worth hiding may be something worth getting. I
fail to see how this would make your presence less obvious. Am I missing
something?

Regards
Ansgar Wiechers

---------------------------------------------------------------------------

Attend Black Hat Briefings & Training Federal, September 29-30 (Training),October 1-2 (Briefings) in Tysons Corner, VA; the world's premiertechnical IT security event. Modeled after the famous Black Hat event inLas Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com

----------------------------------------------------------------------------




---------------------------------------------------------------------------

Captus NetworksAre you prepared for the next Sobig & Blaster?- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans- Precisely Define and Implement Network Security- Automatically Control P2P, IM and Spam TrafficFIND OUT NOW - FREE Vulnerability Assessment Toolkithttp://www.captusnetworks.com/ads/42.htm

----------------------------------------------------------------------------

Current thread:

ICMP (Ping) Paul Kurczaba (Sep 02)
- Re: ICMP (Ping) freeasabird_13 (Sep 03)
  - Re: ICMP (Ping) Ansgar Wiechers (Sep 04)
    - Re: ICMP (Ping) freeasabird_13 (Sep 05)
    - Re: ICMP (Ping) Ansgar Wiechers (Sep 05)
    - Re: ICMP (Ping) Tomas Wolf (Sep 08)
    - Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Jude Naidoo (Sep 03)
- Re: ICMP (Ping) Tomas Wolf (Sep 03)
- Re: ICMP (Ping) andreas (Sep 05)
- Re: ICMP (Ping) Luca Falavigna (Sep 05)
- <Possible follow-ups>
- Re: ICMP (Ping) Jay Woody (Sep 03)
  - RE: ICMP (Ping) Stuart (Sep 04)
- RE: ICMP (Ping) Tony Kava (Sep 04)
- RE: ICMP (Ping) Jay Woody (Sep 04)
- RE: ICMP (Ping) SMiller (Sep 04)

(Thread continues...)