Re: ICMP (Ping)

[Tim Greer <chatmaster () charter net>]

On Sat, 2003-09-06 at 21:29, Tomas Wolf wrote:
> I think that between you two is a little misunderstanding. One is 
> pointing out those who are challenged by the "hidden", while the other 
> one is talking about kiddies scanning blindly huge IP ranges (even 
> dial-up, dsl & cable), where about those thousands and thousands 
> "unreachables" it would be just one IP that is not assigned, or the host 
> wasn't up....
>
> So both of you are right... If one is looking to penetrate the site or 
> scans small range, this will become a target... While on the other hand 
> this site won't become a target (most likely) for a ping-scanning kiddie 
> that runs it in 195.X.X.X range.
>
> good luck -- T.


Right, there's no right or wrong, it just depends on what the attacker
is using and how they are doing it.  As I stated, both are used, but
people stated that the one (just probing or not relying on ping
responses) are not used much or at all.  I disagreed with that, since
I've seen it otherwise, and in fact, it's more logical to not rely on
pings.  Not just because it's more logical, but because, as I said, this
is what I've seen.  Other's experience may determine otherwise, for
them, but it is a reality on all the systems and networks I've seen.
-- 
Tim Greer <chatmaster () charter net>


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------