Re: ICMP (Ping)

["Lee Rich" <lee.rich () wlga gov uk>]

Adding my 2 pence to the growing kitty, no one has yet mentioned the
damage that can be caused by a system that 'does' reply to echo
requests. Everyone has heard of a Smurf attack. A 'broadcast' list of IP
addresses, fed into a spoofing program can take out a low bandwidth
machine by flooding it.

If anyone is unfamiliar with the technique, the attacker 'pings' a range
of addresses, those who return the echo reply are added to a broadcast
list. The attacker then simply uses the address of the target in a
series of spoofed echo request packets to the broadcast list, who all
then reply in unison to the spoofed address.

Ok, so arguably, this might only be an issue for the home modem user.
The results can be devastating, especially if the payload of the echo
requests contain the age old 'ATH0' string and hangs up modem's along
the way.

-Lee
***************************************************************
SAVE PAPER - THINK BEFORE YOU PRINT!   
I ARBED PAPUR - PWYLLWCH CYN PRINTIO!  
***************************************************************

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------