Security Basics mailing list archives
Re: ICMP (Ping)
From: "Lee Rich" <lee.rich () wlga gov uk>
Date: Mon, 08 Sep 2003 15:24:57 +0100
Adding my 2 pence to the growing kitty, no one has yet mentioned the damage that can be caused by a system that 'does' reply to echo requests. Everyone has heard of a Smurf attack. A 'broadcast' list of IP addresses, fed into a spoofing program can take out a low bandwidth machine by flooding it. If anyone is unfamiliar with the technique, the attacker 'pings' a range of addresses, those who return the echo reply are added to a broadcast list. The attacker then simply uses the address of the target in a series of spoofed echo request packets to the broadcast list, who all then reply in unison to the spoofed address. Ok, so arguably, this might only be an issue for the home modem user. The results can be devastating, especially if the payload of the echo requests contain the age old 'ATH0' string and hangs up modem's along the way. -Lee *************************************************************** SAVE PAPER - THINK BEFORE YOU PRINT! I ARBED PAPUR - PWYLLWCH CYN PRINTIO! *************************************************************** --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- RE: ICMP (Ping), (continued)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Preston Newton (Sep 08)
- Re: ICMP (Ping) Fyodor (Sep 09)
- FW: ICMP (Ping) check (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Halverson, Chris (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) jfastabe (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Lee Rich (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- RE: ICMP (Ping) Halverson, Chris (Sep 08)
- RE: ICMP (Ping) Jay Woody (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Schouten, Diederik (Diederik) (Sep 08)