Security Basics mailing list archives

Re: ICMP (Ping)

From: "Joe Bryan NSA" <joe () ns-architects com>
Date: Mon, 8 Sep 2003 15:21:45 -0500

Actually, if they have the config wrong, and a sql server is servicing the
web server/site even if it is in a DMZ, the SQL server can be exploited,
even executing commands on the sql SERVER itself..
that is the real threat..

Joe Bryan NSA
612.382.5796
----- Original Message -----
From: "gregh" <chows () ozemail com au>
To: <security-basics () securityfocus com>
Sent: Saturday, September 06, 2003 7:00 PM
Subject: Re: ICMP (Ping)

----- Original Message -----
From: Jay Woody
To: chatmaster () charter net
Cc: security-basics () securityfocus com
Sent: Saturday, September 06, 2003 7:29 AM
Subject: RE: ICMP (Ping)

What purpose would seeing a response from a ping serve to a
kiddy looking to deface web sites?  If they are going to attack
you randomly, why do you assume that they would stop to
think when they are blindly attacking networks/ips anyway?

Here is how it works again.  They scan a range and then go back and run
a port scan/vuln scan against what replies.  They don't run vuln scans


No even that isnt 100% correct. If they have a new toy they will do it. Dont
forget that new toys come out all the time and the only way they can prove
their theories is to go on randoma attacks to see if what they have works or
not.

In short, yes most of the time they attack depending on what a port scan
shows them but quite a lot of the time they will also be randomly attacking
depending on their association with other scripties and what their own level
of understanding is plus what they think they have in their hands. Eg, if
they are deep in a coven and have been given a new toy and arent that up to
scratch with scripting themselves, they will test as they see fit by
attacking anything they can. It's just plain logic. What do you do when you
build yourself a new computer but test it to the limits first off? Well,
same thing with a enw script.

Greg.

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

RE: ICMP (Ping), (continued)
- RE: ICMP (Ping) Tony Kava (Sep 04)
  - RE: ICMP (Ping) Christos Gioran (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
  - RE: ICMP (Ping) Tim Greer (Sep 05)
    - RE: ICMP (Ping) Vineet Mehta (Sep 08)
    - RE: ICMP (Ping) Tim Greer (Sep 08)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Tony Kava (Sep 05)
- RE: ICMP (Ping) Jay Woody (Sep 05)
  - Re: ICMP (Ping) gregh (Sep 08)
    - Re: ICMP (Ping) Joe Bryan NSA (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 05)
  - Re: ICMP (Ping) Tim Greer (Sep 08)
  - Re: ICMP (Ping) Ansgar Wiechers (Sep 08)
- RE: ICMP (Ping) Tim Greer (Sep 08)
  - RE: ICMP (Ping) Chris Ess (Sep 08)
    - RE: ICMP (Ping) Tim Greer (Sep 08)
    - RE: ICMP (Ping) Preston Newton (Sep 08)
    - Re: ICMP (Ping) Fyodor (Sep 09)
- FW: ICMP (Ping) check (Sep 08)
- Re: ICMP (Ping) Jay Woody (Sep 08)

(Thread continues...)