Security Basics mailing list archives
RE: ICMP (Ping)
From: Vineet Mehta <vineet () linux com kw>
Date: Sun, 07 Sep 2003 08:28:18 +0300
I think it's just a personal/company policy. Hackers who want to hack your system will do so not only from ICMP attacks but from many others available. So blocking ICMP is just an assurance that some of the hackers are kept at bay. If a company needs ICMP for administrative purposes and this need goes further than stopping ICMP, then it's also right. Coz it's all about needs and fulfilling the business needs. If a company is blocking ICMP then it's his policy; if it's not, then it's his policy. Both policies are right from their perspective. We have seen so many responses on this topic and they all highlight that. For a real security person, he would definitely block ICMP, coz his systems are dear to him. This is all I can say. I hope it was not so bad to digest :(

On Fri, 2003-09-05 at 23:18, Tim Greer wrote:
> On Fri, 2003-09-05 at 07:42, Jay Woody wrote:
> > See, now I have to disagree here. I'll use web page defacements as an example. Script Kiddies showed that they did not care who or what they were targeting 90% of the time.
>
> What purpose would seeing a response from a ping serve to a kiddy looking to deface web sites? If they are going to attack you randomly, why do you assume that they would stop to think when they are blindly attacking networks/ips anyway?
>
> > They just scan a range and whoever replied they ran a vuln scanner against.
>
> Running a scanner to look for open ports or vulnerabilities in services is not going to change because you don't reply to ping requests. Those scans will check the ports and services on said IP--not give up if it can't get a ping response.
>
> > If they could get in and "hack" the web page, they would.
>
> And that doesn't relate to the type of attacks being discussed. That's another, less serious issue anyway.
>
> > They'd get their "message" out and move on.
>
> No, they'd probe for vulnerabilities by domain or IP, the ping response plays no role in that situation.
>
> > Did some target pro-Israeli sites, etc.? Of course, but many more were just companies that replied and then had a vuln scan run against them.
>
> That is irrelevant.
>
> > Here is what it boils down to in my opinion, in the case of a determined hacker that wants you and no one else, then obviously blocking pings ain't gonna cut it.
>
> True. You're either vulnerable or not. But it depends on the type of attack and on what service or protocol.
>
> > However, in the case of script kiddies that just scan a range and hit who replies, then blocking pings stops about 95% of them from even going any deeper.
>
> No it doesn't. Skripties are stupid by nature. They hit blindly with the scanners, the scanners don't give up if there's no ping response, they are busy checking to see what's running on the various ports that particular scanner scans. It's almost contradictive to use script kiddie and 'dig deeper' in the same sentence.
>
> > I heard one say (I think it was Hackweiser) that if someone didn't reply, why keep looking at them, there were plenty of other boxes that would reply.
>
> But they aren't looking for boxes that reply to ping requests, they hit the IP on various ports to check to see if that port/service responds and with what.
>
> > If all you care is to try and hack 400 boxes, then why waste time? Just hit the ones that are easy and come back to the hard ones.
>
> Like I said, a dumb ass script kiddie will hit the ports checking the services for vulnerable services. Ping response or not makes absolutely no difference. It's either going to happen or not, random or targeted. If it's random, you'll be hit and probed anyway (being an attack or probe). If it's not random, well, we all know the answer. I don't see the point to that side of this debate.
--
Vineet Mehta
Network Security Consultant
Kuwait Linux Company
Kuwait
Ph-2412552/2463633
<vineet [at] linux [dot] com [dot] kw>
www.linux.com.kw